benfredja

Everything posted by benfredja

  1. Thanks for your reply, but before doing what you suggest, is it normal that a lot of svchost.exe are running in Task Manager? There are lots of settings.ini and desktop.ini files, and duplication of the Appdata file. Could you please explain to me more how this happens? Kind regards, Anis
  2. ROOTREPEAL © AD, 2007-2009
     Scan Start Time: 2011/07/16 01:57
     Program Version: Version 1.3.5.0
     Windows Version: Windows Vista SP2

     Thanks a lot for your assistance
  3. Thanks for your reply. It looks like a virus is controlling my Windows; there are lots of files which I don't recognize and can't access. I had Kaspersky and Malwarebytes running; they initially detected a Win32 trojan, which I deleted. I thought it was gone, but since then the system is very slow. This last week I experienced a blue screen 3 times, the CD drive doesn't read, and when I tried to burn a CD with a photo file it reported a time remaining of 4 days. Actually, the AV I'm using is Microsoft Essentials; when I run it, it always finds nothing. I have also noticed my Internet Explorer is hijacked. I downloaded RootRepeal; it's showing most of the files locked to the Windows API. I have no idea how to proceed. Here is the report:

     ROOTREPEAL © AD, 2007-2009
     Scan Start Time: 2011/07/16 01:54
     Program Version: Version 1.3.5.0
     Windows Version: Windows Vista SP2
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEFINE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPSET~1.RES Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEFINE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\EDITAP~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPCON~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPSET~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEBUGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEFINE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\EDITAP~1.RES Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\SMTPSE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\DEFINE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\DEFINE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\DEFINE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\CREATE~1.ASP Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\CREATE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965368d\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.20864_none_24101549d032590a\_SERVI~1.H Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.22230_none_5efce545badd1f03\MANAGE~2.ASP Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.16720_none_62b207ce0c996d96\SETUPA~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.20883_none_4bea1e72263bb289\SETUPA~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.18111_none_628cec840ceb7a37\SETUPA~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.22230_none_4bc15d202690f34a\SETUPA~1.ASP Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~2.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~3.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~4.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBB00~1.ASP Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\ASPX_F~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\DESELE~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\GRADIE~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\GRADIE~2.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\HEADER~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\REQUIR~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SECURI~1.JPG Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SELECT~2.GIF Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SELECT~3.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\UNSELE~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\UNSELE~2.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\ASPX_F~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\DESELE~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\GRADIE~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\GRADIE~2.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\HEADER~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\REQUIR~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SECURI~1.JPG Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SELECT~2.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SELECT~3.GIF Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\UNSELE~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\UNSELE~2.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\ASPX_F~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\DESELE~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\GRADIE~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\GRADIE~2.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\HEADER~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\REQUIR~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SECURI~1.JPG Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SELECT~2.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SELECT~3.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\UNSELE~1.GIF Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\UNSELE~2.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\ASPX_F~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\DESELE~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\GRADIE~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\GRADIE~2.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\HEADER~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\REQUIR~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SECURI~1.JPG Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SELECT~2.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SELECT~3.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\UNSELE~1.GIF Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\UNSELE~2.GIF Status: Locked to the Windows API! 
Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\NAVIGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~4.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WED669~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\NAVIGA~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~1.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~2.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~3.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~4.RES Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WED669~1.RES Status: Locked to the Windows API! 
  4. Dear Expert, I think I am badly infected by a trojan virus and it is taking control of my Windows. I can't find msconfig any more. I did an online scan with ESET yesterday; it found viruses and cleaned them, but Malwarebytes doesn't detect anything. What I tried is: I created a new account with admin rights and tried to clean by installing a new antivirus, ESET NOD32. It worked fine for one day; now it says scanner initialization failed. I have used DDS and Security Check; the logs are below, and also ComboFix. Thank you for your help.

     DDS (Ver_2011-06-23.01) - NTFSx86
     Internet Explorer: 8.0.6001.19088
     Run by Anis at 21:06:47 on 2011-07-10
     Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.269 [GMT 4:00]
     .
     AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
     SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
     SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ===============
     .
2011-06-28 16:08:19 270336 ----a-w- c:\windows\system32\taskcomp.dll 2011-06-28 16:08:19 171520 ----a-w- c:\windows\system32\taskeng.exe 2011-06-28 16:07:58 738816 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-28 16:07:54 24064 ----a-w- c:\windows\system32\amxread.dll 2011-06-28 16:07:54 13824 ----a-w- c:\windows\system32\apilogen.dll 2011-06-28 16:04:46 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll 2011-06-28 16:04:46 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll 2011-06-28 16:04:46 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2011-06-28 16:04:36 81920 ----a-w- c:\windows\system32\consent.exe 2011-06-28 16:04:22 1257472 ----a-w- c:\windows\system32\msxml3.dll 2011-06-28 16:04:12 147456 ----a-w- c:\windows\system32\Faultrep.dll 2011-06-28 16:04:12 125952 ----a-w- c:\windows\system32\wersvc.dll 2011-06-28 16:03:53 443392 ----a-w- c:\windows\system32\win32spl.dll 2011-06-28 16:03:51 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2011-06-28 16:03:51 565248 ----a-w- c:\windows\system32\emdmgmt.dll 2011-06-28 16:03:51 45056 ----a-w- c:\windows\system32\dataclen.dll 2011-06-28 16:03:51 36864 ----a-w- c:\windows\system32\cdd.dll 2011-06-28 16:03:51 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys 2011-06-28 16:03:49 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys 2011-06-28 16:03:45 2048 ----a-w- c:\windows\system32\tzres.dll 2011-06-28 16:03:23 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2011-06-28 16:03:20 43520 ----a-w- c:\windows\system32\msdxm.tlb 2011-06-28 16:03:20 18432 ----a-w- c:\windows\system32\amcompat.tlb 2011-06-28 15:57:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-28 15:57:10 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-28 15:57:10 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-28 15:52:01 996352 ----a-w- c:\windows\system32\WMNetMgr.dll 2011-06-28 15:52:01 94720 ----a-w- c:\windows\system32\logagent.exe 2011-06-28 15:49:57 90112 
----a-w- c:\windows\system32\wshext.dll 2011-06-28 15:49:57 155648 ----a-w- c:\windows\system32\wscript.exe 2011-06-28 15:49:57 135168 ----a-w- c:\windows\system32\wshom.ocx 2011-06-28 15:49:57 135168 ----a-w- c:\windows\system32\cscript.exe 2011-06-28 15:49:56 180224 ----a-w- c:\windows\system32\scrobj.dll 2011-06-28 15:49:56 172032 ----a-w- c:\windows\system32\scrrun.dll 2011-06-28 15:49:39 61440 ----a-w- c:\windows\system32\msasn1.dll 2011-06-28 15:49:29 1645568 ----a-w- c:\windows\system32\connect.dll 2011-06-28 15:49:26 784896 ----a-w- c:\windows\system32\rpcrt4.dll 2011-06-28 15:48:32 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-06-28 15:48:31 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-06-28 15:48:08 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-06-28 15:47:34 281600 ----a-w- c:\windows\system32\raschap.dll 2011-06-28 15:47:34 244224 ----a-w- c:\windows\system32\rastls.dll 2011-06-28 15:47:27 351232 ----a-w- c:\windows\system32\WSDApi.dll 2011-06-28 15:38:34 531968 ----a-w- c:\windows\system32\comctl32.dll 2011-06-28 15:36:45 31744 ----a-w- c:\windows\system32\msvidc32.dll 2011-06-28 15:36:44 91136 ----a-w- c:\windows\system32\avifil32.dll 2011-06-28 15:36:44 82944 ----a-w- c:\windows\system32\mciavi32.dll 2011-06-28 15:36:44 65024 ----a-w- c:\windows\system32\avicap32.dll 2011-06-28 15:36:44 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2011-06-28 15:36:44 22528 ----a-w- c:\windows\system32\msyuv.dll 2011-06-28 15:36:44 13312 ----a-w- c:\windows\system32\msrle32.dll 2011-06-28 15:36:44 123904 ----a-w- c:\windows\system32\msvfw32.dll 2011-06-28 15:36:44 11776 ----a-w- c:\windows\system32\tsbyuv.dll 2011-06-28 15:36:15 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2011-06-28 15:36:01 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe 2011-06-28 15:36:00 310784 ----a-w- c:\windows\system32\unregmp2.exe 2011-06-28 15:35:59 7680 ----a-w- c:\windows\system32\spwmp.dll 2011-06-28 15:35:59 107520 ----a-w- c:\program 
files\windows media player\wmpshare.exe 2011-06-28 15:35:58 4096 ----a-w- c:\windows\system32\msdxm.ocx 2011-06-28 15:35:58 4096 ----a-w- c:\windows\system32\dxmasf.dll 2011-06-28 15:35:58 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe 2011-06-28 14:42:48 171520 ----a-w- c:\windows\system32\wintrust.dll 2011-06-28 14:37:04 98304 ----a-w- c:\windows\system32\cabview.dll 2011-06-28 13:28:17 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll 2011-06-28 13:28:15 32656 ----a-w- c:\windows\system32\msonpmon.dll 2011-06-25 23:08:43 -------- d-----w- c:\windows\Panther 2011-06-25 23:08:29 -------- d-----w- C:\Boot 2011-06-25 23:08:05 -------- d-----w- c:\windows\system32\OEM 2011-06-25 22:20:49 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll 2011-06-25 22:20:40 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-06-25 20:18:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-25 18:55:55 2421760 ----a-w- c:\windows\system32\wucltux.dll 2011-06-25 18:55:45 87552 ----a-w- c:\windows\system32\wudriver.dll 2011-06-25 18:55:35 33792 ----a-w- c:\windows\system32\wuapp.exe 2011-06-25 18:55:35 171608 ----a-w- c:\windows\system32\wuwebv.dll 2011-06-25 16:38:31 -------- d-----w- c:\program files\Firstload 2011-06-25 16:37:51 -------- d-----w- c:\program files\VideoLAN 2011-06-25 12:04:20 -------- d-----w- c:\program files\Marvell 2011-06-25 11:56:55 80176 ----a-w- c:\windows\system32\drivers\btwavdt.sys 2011-06-25 11:56:54 78128 ----a-w- c:\windows\system32\drivers\btwaudio.sys 2011-06-25 11:56:54 16560 ----a-w- c:\windows\system32\drivers\btwrchid.sys 2011-06-25 11:56:46 229376 ----a-w- c:\windows\system32\BtwRSupport.dll 2011-06-25 11:56:13 -------- d-----w- c:\windows\system32\es-MX 2011-06-25 11:56:13 -------- d-----w- c:\windows\system32\es-AR 2011-06-25 11:56:12 -------- d-----w- c:\program files\WIDCOMM 2011-06-25 11:53:01 -------- d-sh--w- c:\windows\Installer 
2011-06-25 11:50:46 90112 ----a-w- c:\windows\system32\snymsico.dll 2011-06-25 11:42:59 920088 ----a-w- c:\windows\system32\igxpun.exe 2011-06-25 11:42:59 319456 ----a-w- c:\windows\system32\difxapi.dll 2011-06-25 11:42:59 -------- d-----w- c:\windows\system32\Lang 2011-06-25 11:42:00 530968 ----a-w- c:\windows\system32\igfxcfg.exe 2011-06-25 11:42:00 4608 ----a-w- c:\windows\system32\HdmiCoin.dll 2011-06-25 11:42:00 256536 ----a-w- c:\windows\system32\igfxsrvc.exe 2011-06-25 11:42:00 170520 ----a-w- c:\windows\system32\igfxzoom.exe 2011-06-25 11:42:00 170520 ----a-w- c:\windows\system32\igfxext.exe 2011-06-25 11:42:00 166424 ----a-w- c:\windows\system32\hkcmd.exe 2011-06-25 11:42:00 141848 ----a-w- c:\windows\system32\igfxtray.exe 2011-06-25 11:42:00 133656 ----a-w- c:\windows\system32\igfxpers.exe 2011-06-25 11:42:00 111616 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys . ==================== Find3M ==================== . 2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll 2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll 2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll 2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec 2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-05-18 23:00:00 222536 ----a-r- c:\windows\tabctl32.ocx 2006-05-03 08:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll 2007-02-21 09:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll 2008-03-16 11:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll . ============= FINISH: 21:08:15.58 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . 
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 6/26/2011 2:14:13 AM
System Uptime: 7/10/2011 8:48:27 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0WP007
Processor: Intel® Pentium® Dual CPU T2330 @ 1.60GHz | Microprocessor | 1333/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 32 GiB total, 10.783 GiB free.
D: is FIXED (NTFS) - 80 GiB total, 58.604 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP68: 7/10/2011 6:02:47 PM - Installed ESET NOD32 Antivirus
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Dell Touchpad
Dell Wireless WLAN Card
ESET NOD32 Antivirus
ESET Online Scanner v3
Firstload
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Laptop Integrated Webcam Driver (1.04.01.1011)
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office File Validation Add-In
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ Run Time Lib Setup
QuickSet
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
SUPER © v2011.build.48 (April 23, 2011) version v2011.build.48
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 1.1.5
WIDCOMM Bluetooth Software 6.0.1.3100
WinZip 15.5
WinZip Courier
.
==== Event Viewer Messages From Past Week ========
.
7/4/2011 12:41:55 PM, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
7/4/2011 10:27:01 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): 'SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
7/4/2011 10:26:06 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
7/3/2011 8:09:55 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
7/3/2011 7:02:30 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001D0936CC5C. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
7/3/2011 7:02:09 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 0.0.0.0 for the Network Card with network address 001D0936CC5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/3/2011 7:02:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 188.135.26.232 for the Network Card with network address 001D0936CC5C has been denied by the DHCP server 188.135.28.1 (The DHCP Server sent a DHCPNACK message).
7/3/2011 6:30:16 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2011 6:29:55 PM, Error: Microsoft-Windows-Windows Defender [5008] - Windows Defender engine has been terminated due to an unexpected error. Failure Type: Crash Exception code: 0xc0000005 Resource: file:C:\Users\user\AppData\Local\Google\Chrome\Application\12.0.742.112\gcswf32.dll
7/3/2011 6:11:19 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 2150760449 (0x80320001).
7/3/2011 6:09:14 PM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/3/2011 6:09:14 PM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/3/2011 6:09:14 PM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/3/2011 5:03:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Security Update for .NET Framework 3.5 SP1 on Windows Vista SP1 and Windows Server 2008 x86 (KB2449741).
7/3/2011 3:54:31 PM, Error: EventLog [6008] - The previous system shutdown at 3:51:32 PM on 7/3/2011 was unexpected.
7/3/2011 11:39:59 AM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/3/2011 11:34:15 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 188.66.246.154 for the Network Card with network address 001D0936CC5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/3/2011 11:25:02 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 188.66.245.117 for the Network Card with network address 001D0936CC5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/3/2011 10:18:04 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/3/2011 10:18:04 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/3/2011 10:14:35 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 188.135.30.164 for the Network Card with network address 001D0936CC5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/3/2011 10:14:33 AM, Error: EventLog [6008] - The previous system shutdown at 10:13:06 AM on 7/3/2011 was unexpected.
7/3/2011 10:05:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 188.135.27.32 for the Network Card with network address 001D0936CC5C has been denied by the DHCP server 188.66.244.1 (The DHCP Server sent a DHCPNACK message).
7/3/2011 10:02:28 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 188.66.246.85 for the Network Card with network address 001D0936CC5C has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/3/2011 10:01:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: kl2
7/3/2011 10:01:45 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/3/2011 10:00:30 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 188.66.244.137 for the Network Card with network address 001D0936CC5C has been denied by the DHCP server 188.135.28.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET NOD32 Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Adobe Flash Player

ComboFix 11-07-09.02 - Anis 07/10/2011 0:23.5.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.226 [GMT 4:00]
Running from: c:\users\Anis\Downloads\ComboFix.exe
Command switches used :: /Uninstal
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\shost.Bin
c:\shost.bin\F236B1805D42864
.
.
((((((((((((((((((((((((( Files Created from 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-18 23:00 . 2011-05-18 23:00 222536 ----a-r- c:\windows\tabctl32.ocx
2006-05-03 08:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 09:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 11:30 216064 --sha-r- c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8FB70FA-0FDF-4601-9DC4-BFA1B357204F}]
2011-05-18 23:00 193864 ----a-r- c:\progra~1\WINZIP~1\wzwmcie.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-03 292208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2011-6-23 610120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ . Contents of the 'Scheduled Tasks' folder . 2011-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024083015-3834169448-2481064255-1000Core.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 20:24] . 2011-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3024083015-3834169448-2481064255-1000UA.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 20:24] . 2011-07-09 c:\windows\Tasks\User_Feed_Synchronization-{34A37BBD-0B68-4E74-9D2C-5FD39DFB4806}.job - c:\windows\system32\msfeedssync.exe [2011-07-04 04:32] . . ------- Supplementary Scan ------- . mStart Page = about:blank IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 188.135.0.23 188.135.0.24 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-10 00:30 Windows 6.0.6001 Service Pack 1 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2011-07-10 00:33:45 ComboFix-quarantined-files.txt 2011-07-09 20:33 ComboFix2.txt 2011-07-09 20:15 ComboFix3.txt 2011-07-09 19:31 ComboFix4.txt 2011-07-09 19:17 ComboFix5.txt 2011-07-09 20:22 . Pre-Run: 10,235,043,840 bytes free Post-Run: 10,211,262,464 bytes free . - - End Of File - - E86ADA721B05C95887F1E748B9BF7344 looks his still controling the system Adobe Reader X (10.1.0) ```````````````````````````````` Process Check: objlist.exe by Laurent ``````````End of Log```````````` Any one can help here please?