TechSpot

Windows XP: Hourglass stuck on taskbar on startup

By KliaMia
Apr 16, 2013
  1. My home computer has been having odd behaviors for a while, and now it is routinely getting stuck and not loading after starting up. When this occurs, I am unable to pull up Task Manager or click on desktop icons or Start. I am forced to manually shut it down. I have been able to boot up in safe mode and I ran Malwarebytes, but nothing was detected. Interestingly, about every other time I log in, I am able to proceed in normal mode. The other times I receive the perpetual hourglass and have to manually shut down.

    The logs to follow were run in normal mode today. Thank you in advance for the outstanding service you provide.

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.16.10

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Owner :: YOUR-E7C4726E5B [administrator]

    4/16/2013 5:34:29 PM
    mbam-log-2013-04-16 (17-34-29).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 222325
    Time elapsed: 8 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
    Run by Owner at 17:53:06 on 2013-04-16
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1214.473 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Free Firewall Firewall *Enabled*
    .
    ============== Running Processes ================
    .
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dogpile.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uProxyOverride = localhost;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    EB: &Research: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office11\REFIEBAR.DLL
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ZoneAlarm Backup Startup] "c:\program files\zonealarmbackup\ZABackupStartup.exe" Hide
    mRun: [VTTimer] "c:\windows\system32\VTTimer.exe"
    mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
    mRun: [SoundMan] SOUNDMAN.EXE
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\zoneal~1.lnk - c:\program files\zonealarmbackup\ZABackupReg2ini.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{69C61BD7-5678-40E1-A8E7-1105233C836C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{FBC4990D-D076-4270-8067-7506D3B83A2F} : DHCPNameServer = 74.128.1.32 74.128.1.34
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\f1q7hgpp.default\
    FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search
    FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\Npindeo.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - ExtSQL: 2013-04-11 20:39; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\f1q7hgpp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    FF - ExtSQL: 2013-04-11 20:44; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\owner\application data\mozilla\firefox\profiles\f1q7hgpp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-04-11 20:51; twitter@disconnect.me; c:\documents and settings\owner\application data\mozilla\firefox\profiles\f1q7hgpp.default\extensions\twitter@disconnect.me.xpi
    FF - ExtSQL: 2013-04-11 21:00; firefox@ghostery.com; c:\documents and settings\owner\application data\mozilla\firefox\profiles\f1q7hgpp.default\extensions\firefox@ghostery.com
    FF - ExtSQL: 2013-04-11 21:08; browserprotect@browserprotect.com; c:\documents and settings\owner\application data\mozilla\firefox\profiles\f1q7hgpp.default\extensions\browserprotect@browserprotect.com.xpi
    FF - ExtSQL: 2013-04-14 23:15; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\checkpoint\zaforcefield\TrustChecker
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-1 49248]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-1 164736]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-13 765736]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-13 368176]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-3-27 527848]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-13 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-1 66336]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-12-13 45248]
    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-11-22 27056]
    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-11-22 497320]
    R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
    R2 ZoneAlarmBackup Service;ZoneAlarmBackup Service;c:\program files\zonealarmbackup\ZABackup Service.exe [2013-4-14 149008]
    S?4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-4-16 40776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe [2009-5-8 45312]
    .
    =============== Created Last 30 ================
    .
    2067-02-24 21:21:18 79947 -c--a-w- c:\windows\fw20.vxd
    2013-04-16 22:33:36 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-04-15 04:55:09 229376 ----a-w- c:\windows\system32\IDrLocale.dll
    2013-04-15 04:15:13 -------- d-----w- c:\documents and settings\owner\application data\CheckPoint
    2013-04-15 04:14:06 -------- d-----w- c:\program files\CheckPoint
    2013-04-15 04:11:34 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
    2013-04-15 03:21:31 214256 ----a-w- c:\windows\system32\muweb.dll
    2013-04-03 18:09:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-20 04:12:04 -------- d-----w- c:\program files\CCleaner
    .
    ==================== Find3M ====================
    .
    2013-04-12 00:53:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-04-12 00:53:30 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-04-03 18:08:45 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-04-03 18:08:45 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-04-03 18:08:45 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
    2013-03-07 01:28:24 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-03-07 00:50:28 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-03-06 22:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-03-06 22:33:24 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-03-06 22:33:24 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-03-06 22:33:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-03-06 22:32:51 41664 ----a-w- c:\windows\avastSS.scr
    2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-03-02 02:06:30 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-03-02 02:06:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-03-02 01:08:47 385024 ------w- c:\windows\system32\html.iec
    2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-18 04:16:40 0 ----a-w- c:\windows\system32\REN1B.tmp
    2013-01-18 04:16:40 0 ----a-w- c:\windows\system32\REN1A.tmp
    2013-01-18 02:09:59 0 ----a-w- c:\windows\system32\REN9F.tmp
    2013-01-18 02:09:59 0 ----a-w- c:\windows\system32\REN9E.tmp
    .
    ============= FINISH: 17:55:04.43 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/11/2005 11:47:50 AM
    System Uptime: 4/16/2013 4:39:05 PM (1 hours ago)
    .
    Motherboard: First International Computer, Inc. | | K8M-800M
    Processor: AMD Sempron(tm) Processor 3100+ | Socket 940 | 1800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 89 GiB total, 63.257 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 2.726 GiB free.
    E: is CDROM ()
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
    Description: USB Mass Storage Device
    Device ID: USB\VID_058F&PID_9360\2004888
    Manufacturer: Compatible USB storage device
    Name: USB Mass Storage Device
    PNP Device ID: USB\VID_058F&PID_9360\2004888
    Service: USBSTOR
    .
    ==== System Restore Points ===================
    .
    RP2262: 3/15/2013 7:50:13 AM - System Checkpoint
    RP2263: 3/16/2013 7:53:21 AM - System Checkpoint
    RP2264: 3/17/2013 11:08:40 AM - System Checkpoint
    RP2265: 3/18/2013 1:03:35 PM - System Checkpoint
    RP2266: 3/19/2013 10:29:56 PM - System Checkpoint
    RP2267: 3/19/2013 10:59:31 PM - Revo Uninstaller's restore point - Java 7 Update 15
    RP2268: 3/19/2013 10:59:54 PM - Removed Java 7 Update 15
    RP2269: 3/19/2013 11:03:54 PM - Revo Uninstaller's restore point - CCleaner
    RP2270: 3/20/2013 7:03:06 PM - Software Distribution Service 3.0
    RP2271: 3/21/2013 9:41:36 PM - System Checkpoint
    RP2272: 3/22/2013 9:58:50 PM - System Checkpoint
    RP2273: 3/23/2013 10:02:27 PM - System Checkpoint
    RP2274: 3/24/2013 10:37:42 PM - System Checkpoint
    RP2275: 3/26/2013 12:47:36 AM - System Checkpoint
    RP2276: 3/27/2013 7:01:00 AM - System Checkpoint
    RP2277: 3/28/2013 8:21:20 AM - System Checkpoint
    RP2278: 3/29/2013 7:15:34 PM - System Checkpoint
    RP2279: 3/30/2013 8:28:50 PM - System Checkpoint
    RP2280: 4/1/2013 7:41:28 AM - System Checkpoint
    RP2281: 4/2/2013 5:29:09 PM - System Checkpoint
    RP2282: 4/3/2013 1:08:37 PM - Installed Java 7 Update 17
    RP2283: 4/5/2013 5:45:14 PM - System Checkpoint
    RP2284: 4/7/2013 5:17:14 PM - System Checkpoint
    RP2285: 4/9/2013 6:03:28 AM - System Checkpoint
    RP2286: 4/10/2013 8:39:16 AM - System Checkpoint
    RP2287: 4/11/2013 7:46:03 AM - Software Distribution Service 3.0
    RP2288: 4/11/2013 7:54:56 PM - Revo Uninstaller's restore point - Mozilla Firefox 19.0.2 (x86 en-US)
    RP2289: 4/12/2013 8:45:35 PM - System Checkpoint
    RP2290: 4/13/2013 9:09:19 PM - System Checkpoint
    RP2291: 4/14/2013 10:16:43 PM - System Checkpoint
    RP2292: 4/16/2013 2:41:02 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.6)
    Adobe Shockwave Player 12.0
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    Bonjour
    CCleaner
    Compatibility Pack for the 2007 Office system
    Digital Media Reader
    ExamView ActiveX Control v2
    ExamView Assessment Suite
    ExamView Player
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Image Resizer Powertoy for Windows XP
    ImageMixer VCD/DVD2 for OLYMPUS
    Java 7 Update 17
    Java Auto Updater
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft ActiveSync
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2005
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Standard Edition 2003
    Microsoft Office Visio Viewer 2007
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MobileMe Control Panel
    Mozilla Firefox 20.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MUSICMATCH Jukebox
    NTI Backup Now EZ
    OLYMPUS Master
    QuickTime
    Realtek AC'97 Audio
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Recovery Software Suite eMachines
    Revo Uninstaller 1.94
    Rhapsody Player Engine
    S3GSetup
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB2807986)
    Security Update for Windows XP (KB2808735)
    Security Update for Windows XP (KB2813170)
    Security Update for Windows XP (KB2813345)
    Security Update for Windows XP (KB2820917)
    SlimCleaner
    SoftV92 Data Fax Modem with SmartCP
    Spelling Dictionaries Support For Adobe Reader 8
    SUPERAntiSpyware
    swMSM
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    VIA/S3G Display Driver
    WebFldrs XP
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Mobile® Device Handbook
    Windows PowerShell(TM) 1.0
    Windows XP Service Pack 3
    WinPatrol
    ZoneAlarm Backup Powered by IDrive version 1.0.5 March 01, 2011
    ZoneAlarm Firewall
    ZoneAlarm Free Firewall
    ZoneAlarm LTD Toolbar
    ZoneAlarm Security
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/16/2013 12:39:17 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/16/2013 12:12:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    4/16/2013 12:12:18 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    4/16/2013 11:28:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AswRdr aswSnx aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL Tcpip Vsdatant WS2IFSL
    4/16/2013 11:28:58 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    4/16/2013 11:28:58 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    4/16/2013 11:28:58 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    4/16/2013 1:47:40 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    I doubt it's malware related, but we can run a couple more checks...

    Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  3. KliaMia

    KliaMia TS Rookie Topic Starter

    RogueKiller produced 2 logs and I posted them below. When I attempted to run mbar.exe, I received the message "DDA driver was not installed which may be caused by rootkit activity. Do you want to reboot the computer to install DDA driver (Scan will continue after reboot)?"

    Should I select yes or no?

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Scan -- Date : 04/16/2013 20:30:15
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3100011A +++++
    --- User ---
    [MBR] 12f97520722a772a72de79d55c0e6634
    [BSP] 785403c40b2e57190234204681ec45a9 : Legit.B MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 8369865 | Size: 91299 Mo
    1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 4086 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_04162013_02d2030.txt >>
    RKreport[1]_S_04162013_02d2030.txt


    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Remove -- Date : 04/16/2013 20:32:04
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3100011A +++++
    --- User ---
    [MBR] 12f97520722a772a72de79d55c0e6634
    [BSP] 785403c40b2e57190234204681ec45a9 : Legit.B MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 8369865 | Size: 91299 Mo
    1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 4086 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_04162013_02d2032.txt >>
    RKreport[1]_S_04162013_02d2030.txt ; RKreport[2]_D_04162013_02d2032.txt
  4. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Yes.
  5. KliaMia

    KliaMia TS Rookie Topic Starter

    When I selected "yes" I received another message that said it was unable to install the driver on reboot. Then the Introduction box about it being BETA software came up, and the computer did not reboot. Should I click "Next" to get started or "Exit"?
    (Sorry if it should be obvious, but I don't know what you will need.) Thank you again.
  6. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Try to run it from safe mode.
  7. KliaMia

    KliaMia TS Rookie Topic Starter

    Here are the logs from the Mbar.exe scan in safe mode.

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.800000 GHz
    Memory total: 1273479168, free: 570765312

    DDA Driver installation error.
    Could not install driver on reboot
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.800000 GHz
    Memory total: 1273479168, free: 1000390656

    ------------ Kernel report ------------
    04/16/2013 23:33:06
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8970e680
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-12\
    Lower Device Object: 0xffffffff8975ad98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Host not found
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8970e680, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8970e3f8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff8970e680, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff897d8428, DeviceName: \Device\00000088\, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff8975ad98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-12\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe1d3c470, 0xffffffff8970e680, 0xffffffff894b55b8
    Lower DeviceData: 0xffffffffe1c3d358, 0xffffffff8975ad98, 0xffffffff89514f18
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4B36BDEA

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 8369865 Numsec = 186980535
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 8369802

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 100030242816 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-195351568-195371568)...
    Done!
    Performing system, memory and registry scan...
    Read File: File "c:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Installer\{1CB92574-96F2-467B-B793-5CEB35C40C29}\ARPPRODUCTICON.exe" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Installer\{1CB92574-96F2-467B-B793-5CEB35C40C29}\Readme.htm" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state_perf.h" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Default User\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\QuickTimeFavorites.qtr" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Owner\Local Settings\Application Data\IM\Lex\private.tlx" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Owner\Local Settings\Application Data\IM\Logs\reg.log" is compressed (flags = 1)
    Read File: File "c:\RECYCLER\S-1-5-21-376849671-2428409633-4025966157-1003\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\RECYCLER\S-1-5-21-376849671-2428409633-4025966157-1003\INFO2" is compressed (flags = 1)
    Read File: File "c:\RECYCLER\S-1-5-21-376849671-2428409633-4025966157-500\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\RECYCLER\S-1-5-21-376849671-2428409633-4025966157-500\INFO2" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\BPP\IRG Guide to HCE, 2e\._FOR_LM" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts\IBC\Pathophysiology\~$ysician specialties.doc" is compressed (flags = 1)
    Done!
    Scan finished
    =======================================

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.03.22.01

    Windows XP Service Pack 3 x86 NTFS (Safe Mode)
    Internet Explorer 8.0.6001.18702
    Owner :: YOUR-E7C4726E5B [administrator]

    4/17/2013 12:15:35 AM
    mbar-log-2013-04-17 (00-15-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 25498
    Time elapsed: 40 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  8. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    I don't see anything malicious there.

    In this forum, we make sure your computer is free of malware, and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
  9. KliaMia

    KliaMia TS Rookie Topic Starter

    Thank you for checking. My Avast had picked up and deleted a trojan recently, and since then I've been unable to figure out the reason for the poor performance and odd behaviors. I appreciate your help, and I'll move to the Windows forum.
  10. Broni

    Broni Malware Annihilator Posts: 46,775   +254


