steveopevo

Thank you again

update was successful. I always felt good about using registry cleaners as if it would significantly improve performance. In the past i've had problems with Fixit utilities doing exactly what you're saying. Thankyou for the advice.

Results of screen317's Security Check version 0.99.56 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Trend Micro Titanium Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.70.0.1100 TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) TuneUp Utilities 2011 TuneUp Utilities Language Pack (en-US) Java 6 Update 26 Java version out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader XI Mozilla Firefox (18.0) ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! IObit IObit Malware Fighter IMFsrv.exe Trend Micro AMSP coreServiceShell.exe Trend Micro UniClient UiFrmWrk uiWatchDog.exe Trend Micro AMSP coreFrameworkHost.exe Trend Micro UniClient UiFrmWrk uiSeAgnt.exe Trend Micro AMSP AMSP_LogServer.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: ````````````````````End of Log``````````````````````

I just reset default settings on IE and it's working fine now. Firefox works fine. Before when I reset IE settings nothing changed so I'm guessing after your help the virus was deleted. Thankyou very much for your help, I can't tell you how much I appreciate you guys at malwarebytes. Do you think anything else needs to be done?

IE still hangs depending on the website I go to. Do you think some settings got messed up or maybe IE needs to be reinstalled?

C:\System Volume Information\_restore{03F4B5B1-16D4-46FC-BCF1-B2EB3976FE79}\RP27\A0077545.exe Win32/NoAdware application C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP33\A0019357.exe a variant of Win32/Toolbar.Widgi application C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP35\A0023468.exe a variant of Win32/Toolbar.Widgi application C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP36\A0031168.exe a variant of Win32/Toolbar.Widgi application C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP37\A0036511.exe a variant of Win32/Toolbar.Widgi application C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP38\A0041855.exe a variant of Win32/Toolbar.Widgi application C:\Utility\asc-setup.exe a variant of Win32/Toolbar.Widgi application C:\Utility\noadware\noadwarefullv4.exe Win32/NoAdware application F:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application F:\Utility\noadware\noadwarefullv4.exe Win32/NoAdware application

Status: Deleted (events: 3) 1/11/2013 9:01:35 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\NEIL'S\Application Data\Sun\Java\Deployment\cache\6.0\29\2f44825d-2098a00f High 1/11/2013 9:01:35 PM Deleted Trojan program Trojan.Win32.Midhos.adpm C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP43\A0046134.exe High 1/11/2013 9:01:42 PM Deleted Trojan program Trojan.Win32.Midhos.adpm C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP43\A0046135.exe High

the first time I ran AdwCleaner it didn't generate a report so I ran it a second time and it did. I downloaded firefox a few days ago and so far it has not been hijacked. IE isn't being redirected anymore but is having trouble loading certain webpages and is very slow. # AdwCleaner v2.105 - Logfile created 01/10/2013 at 15:55:29 # Updated 08/01/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : NEIL'S - HOME # Boot Mode : Normal # Running from : C:\Documents and Settings\NEIL'S\My Documents\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\3rnry6zm.default\prefs.js [OK] File is clean. File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\prefs.js [OK] File is clean. File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\y5uszhj3.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R2].txt - [6057 octets] - [09/01/2013 17:05:45] AdwCleaner[s2].txt - [1044 octets] - [10/01/2013 15:55:29] ########## EOF - C:\AdwCleaner[s2].txt - [1104 octets] ##########

# AdwCleaner v2.105 - Logfile created 01/09/2013 at 17:05:45 # Updated 08/01/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : NEIL'S - HOME # Boot Mode : Normal # Running from : C:\Documents and Settings\NEIL'S\My Documents\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium Folder Found : C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\NEIL'S\Application Data\imeshbandmltbpi Folder Found : C:\Documents and Settings\NEIL'S\Local Settings\Application Data\AVG Secure Search Folder Found : C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Conduit Folder Found : C:\Program Files\AVG Secure Search Folder Found : C:\Program Files\Common Files\AVG Secure Search Folder Found : C:\Program Files\Conduit Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registry] ***** Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\Software\AVG Secure Search Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Found : HKU\S-1-5-21-2025429265-1417001333-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKU\S-1-5-21-2025429265-1417001333-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\3rnry6zm.default\prefs.js [OK] File is clean. File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\prefs.js [OK] File is clean. File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\y5uszhj3.default\prefs.js [OK] File is clean. ************************* AdwCleaner[R1].txt - [12563 octets] - [31/12/2012 12:17:12] AdwCleaner[R2].txt - [5868 octets] - [09/01/2013 17:05:45] AdwCleaner[s1].txt - [6452 octets] - [31/12/2012 12:17:54] ########## EOF - C:\AdwCleaner[R2].txt - [5988 octets] ##########

ComboFix 13-01-08.01 - NEIL'S 01/09/2013 16:54:17.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2690 [GMT -7:00] Running from: c:\documents and settings\NEIL'S\My Documents\Downloads\ComboFix.exe AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users.WINDOWS\Application Data\TEMP c:\documents and settings\NEIL'S\My Documents\wpabaln.exe C:\prefs.js c:\windows\system32\Cache c:\windows\system32\Cache\262643b75c37f5ca.fb c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\2c53092c95605355.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\48d67d4b09e3cbf2.fb c:\windows\system32\Cache\52956e87180d8fe0.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\63ef0dbca4051940.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\68ad56a4659b4a48.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\c9edfb3dbcb25b7e.fb c:\windows\system32\Cache\d201ef9910cd39de.fb c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\e0de16f883bea794.fb c:\windows\system32\Cache\e8bcb6954ecca995.fb c:\windows\system32\Cache\f998975c9cc711ee.fb c:\windows\system32\dllcache\wmpvis.dll c:\windows\system32\service c:\windows\system32\service\02072011_TIS17_SfFniAU.log c:\windows\system32\service\04012011_TIS17_SfFniAU.log c:\windows\system32\service\04122009_TIS17_SfFniAU.log c:\windows\system32\service\05012011_TIS17_SfFniAU.log c:\windows\system32\service\07042011_TIS17_SfFniAU.log c:\windows\system32\service\10102010_TIS17_SfFniAU.log c:\windows\system32\service\11102010_TIS17_SfFniAU.log c:\windows\system32\service\12012010_TIS17_SfFniAU.log c:\windows\system32\service\13012011_TIS17_SfFniAU.log c:\windows\system32\service\13022010_TIS17_SfFniAU.log c:\windows\system32\service\13032010_TIS17_SfFniAU.log c:\windows\system32\service\14032011_TIS17_SfFniAU.log c:\windows\system32\service\16052009_TIS17_SfFniAU.log c:\windows\system32\service\17102010_TIS17_SfFniAU.log c:\windows\system32\service\18032011_TIS17_SfFniAU.log c:\windows\system32\service\19122009_TIS17_SfFniAU.log c:\windows\system32\service\20012011_TIS17_SfFniAU.log c:\windows\system32\service\20022010_TIS17_SfFniAU.log c:\windows\system32\service\20032011_TIS17_SfFniAU.log c:\windows\system32\service\22062009_TIS17_SfFniAU.log c:\windows\system32\service\24052011_TIS17_SfFniAU.log c:\windows\system32\service\24072009_TIS17_SfFniAU.log c:\windows\system32\service\26022011_TIS17_SfFniAU.log c:\windows\system32\service\26032011_TIS17_SfFniAU.log c:\windows\system32\service\26102010_TIS17_SfFniAU.log c:\windows\system32\service\27032011_TIS17_SfFniAU.log c:\windows\system32\service\27112009_TIS17_SfFniAU.log c:\windows\system32\service\30102010_TIS17_SfFniAU.log c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 ))))))))))))))))))))))))))))))) . . 2013-01-03 00:02 . 2013-01-03 00:02 181808 ----a-w- c:\windows\RegBootClean.exe 2013-01-01 06:40 . 2013-01-01 06:40 -------- d-----w- c:\program files\WinPcap 2013-01-01 05:20 . 2013-01-01 05:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ErrorEND 2012-12-31 19:46 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-31 19:36 . 2012-12-31 19:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro 2012-12-31 19:23 . 2012-12-31 19:23 -------- d-----w- c:\windows\system32\wbem\Repository 2012-12-29 19:25 . 2012-12-29 19:30 -------- d-----w- c:\documents and settings\NEIL'S\Application Data\FixCleaner 2012-12-29 19:25 . 2012-12-29 19:40 -------- d-----w- c:\program files\FixCleaner 2012-12-29 18:53 . 2012-12-29 18:53 -------- d-----w- c:\program files\do not track 2012-12-29 18:51 . 2012-12-29 18:54 -------- d-----w- c:\program files\emsisoft 2012-12-29 06:41 . 2012-12-29 06:41 138864 ----a-w- c:\windows\system32\drivers\06413029.sys 2012-12-29 06:33 . 2012-12-29 06:37 -------- d-----w- c:\program files\mbar-anti rootkit 2012-12-29 05:30 . 2013-01-02 23:45 -------- d-----w- c:\documents and settings\NEIL'S\Local Settings\Application Data\DoNotTrackPlus 2012-12-29 05:30 . 2012-12-29 05:30 -------- d-----w- c:\program files\DoNotTrackPlus 2012-12-29 05:25 . 2009-01-25 19:14 15224 ----a-w- c:\windows\system32\sdnclean.exe 2012-12-29 05:20 . 2012-12-29 05:20 -------- d-----w- C:\TMRescueDisk 2012-12-29 05:13 . 2012-07-11 08:35 90808 ----a-w- c:\windows\system32\drivers\tmeext.sys 2012-12-29 05:13 . 2012-07-06 03:33 171064 ----a-w- c:\windows\system32\drivers\tmnciesc.sys 2012-12-29 05:13 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys 2012-12-29 05:13 . 2012-07-12 10:30 94200 ----a-w- c:\windows\system32\drivers\tmactmon.sys 2012-12-29 05:13 . 2012-07-12 10:29 75624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys 2012-12-29 05:13 . 2012-07-12 10:29 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-12-29 05:13 . 2012-08-24 13:06 38328 ----a-w- c:\windows\system32\drivers\TMEBC32.sys 2012-12-29 05:12 . 2012-12-29 05:12 59 ----a-w- c:\windows\system32\SupportTool.exe.bat 2012-12-29 04:36 . 2012-12-29 04:36 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Trend Micro 2012-12-29 01:09 . 2012-12-29 01:09 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache 2012-12-26 08:20 . 2012-12-26 08:20 -------- d-sh--w- c:\documents and settings\Default User.WINDOWS\IETldCache 2012-12-26 07:58 . 2012-12-29 04:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2012-12-26 07:58 . 2012-12-29 05:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2012-12-26 06:12 . 2012-12-26 06:12 -------- d-----w- c:\documents and settings\NEIL'S\Local Settings\Application Data\Mozilla . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-08 23:32 . 2012-05-10 05:11 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-08 23:32 . 2011-07-30 17:06 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 12:23 . 2007-07-27 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-13 01:25 . 2007-07-27 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-09 01:03 . 2012-11-09 01:03 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-11-06 02:01 . 2009-08-20 00:07 1371648 ------w- c:\windows\system32\msxml6.dll 2012-11-02 02:02 . 2007-07-27 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec 2012-10-13 02:09 . 2012-12-02 04:41 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2012-11-29 08:27 . 2013-01-08 02:37 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe . c:\windows\System32\ctfmon.exe ... is missing !! . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-12-31 19:25 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-12-31 1796552] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-13 160592] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-12-31 997320] "HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-25 928096] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864] "SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2008-05-28 15:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Fix-It Task Manager"=2 (0x2) "TuneUp.UtilitiesSvc"=2 (0x2) "NBService"=3 (0x3) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"= "c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [12/28/2012 10:13 PM 38328] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [11/8/2012 6:03 PM 26984] R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [12/28/2012 10:13 PM 90808] R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/28/2012 10:13 PM 75624] R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/9/2012 3:43 PM 464256] R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [11/9/2012 3:49 PM 821592] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [12/28/2012 10:25 PM 1103392] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [12/28/2012 10:25 PM 1369624] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/8/2011 9:34 AM 1527104] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 6:03 PM 711112] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [4/6/2009 6:40 AM 37376] R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [12/28/2012 10:13 PM 171064] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 1:34 PM 10064] S1 A2DDA;A2 Direct Disk Access Support Driver; [x] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [12/28/2012 10:12 PM 221264] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [12/28/2012 10:25 PM 168384] S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [11/9/2012 3:49 PM 246816] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704] S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [11/9/2012 3:49 PM 30408] S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [11/9/2012 3:49 PM 16248] S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [8/21/2011 2:28 PM 25704] S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [8/21/2011 2:28 PM 25704] S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [8/21/2011 2:28 PM 25704] S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [8/21/2011 2:28 PM 25704] S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [8/21/2011 2:28 PM 25704] . --- Other Services/Drivers In Memory --- . *Deregistered* - uphcleanhlp . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder . 2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 23:32] . 2013-01-09 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-12-29 21:08] . 2012-12-29 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-29 21:07] . 2012-12-29 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-12-29 21:07] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB FF - ProfilePath - c:\documents and settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\ FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: 2012-12-28 22:12; {22181a4d-af90-4ca3-a569-faed9118d6bc}; c:\program files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension FF - ExtSQL: 2012-12-31 12:25; tmbepff-7.5@trendmicro.com; c:\program files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\firefoxextension FF - ExtSQL: 2012-12-31 12:25; avg@toolbar; c:\documents and settings\All Users.WINDOWS\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5 FF - ExtSQL: 2013-01-07 19:29; {22C7F6C6-8D67-4534-92B5-529A0EC09405}; c:\program files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension FF - ExtSQL: 2013-01-08 15:58; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) Notify-SDWinLogon - SDWinLogon.dll SafeBoot-22288891.sys MSConfigStartUp-ctfmon - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-09 16:56 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2013-01-09 16:57:33 ComboFix-quarantined-files.txt 2013-01-09 23:57 . Pre-Run: 234,116,800,512 bytes free Post-Run: 234,471,432,192 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn [spybotsd] timeout.old=4 . - - End Of File - - D1EBCC530B4143FC54994BB513057BE8

11:17:23.0171 2952 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll 11:17:23.0171 2952 C:\WINDOWS\system32\imagehlp.dll - ok 11:17:23.0171 2952 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll 11:17:23.0171 2952 C:\WINDOWS\system32\winsta.dll - ok 11:17:23.0171 2952 [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll 11:17:23.0171 2952 C:\WINDOWS\system32\wintrust.dll - ok 11:17:23.0171 2952 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll 11:17:23.0171 2952 C:\WINDOWS\system32\ws2help.dll - ok 11:17:23.0171 2952 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll 11:17:23.0171 2952 C:\WINDOWS\system32\ws2_32.dll - ok 11:17:23.0187 2952 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll 11:17:23.0187 2952 C:\WINDOWS\system32\imm32.dll - ok 11:17:23.0187 2952 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll 11:17:23.0187 2952 C:\WINDOWS\system32\kbdus.dll - ok 11:17:23.0187 2952 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll 11:17:23.0187 2952 C:\WINDOWS\system32\msgina.dll - ok 11:17:23.0187 2952 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll 11:17:23.0187 2952 C:\WINDOWS\system32\comctl32.dll - ok 11:17:23.0187 2952 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll 11:17:23.0187 2952 C:\WINDOWS\system32\comdlg32.dll - ok 11:17:23.0187 2952 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll 11:17:23.0187 2952 C:\WINDOWS\system32\odbc32.dll - ok 11:17:23.0187 2952 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll 11:17:23.0187 2952 C:\WINDOWS\system32\shell32.dll - ok 11:17:23.0187 2952 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll 11:17:23.0187 2952 C:\WINDOWS\system32\shlwapi.dll - ok 11:17:23.0187 2952 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll 11:17:23.0187 2952 C:\WINDOWS\system32\sxs.dll - ok 11:17:23.0187 2952 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll 11:17:23.0187 2952 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok 11:17:23.0187 2952 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll 11:17:23.0187 2952 C:\WINDOWS\system32\odbcint.dll - ok 11:17:23.0187 2952 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll 11:17:23.0187 2952 C:\WINDOWS\system32\sfc.dll - ok 11:17:23.0203 2952 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll 11:17:23.0203 2952 C:\WINDOWS\system32\sfc_os.dll - ok 11:17:23.0203 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll 11:17:23.0203 2952 C:\WINDOWS\system32\shsvcs.dll - ok 11:17:23.0203 2952 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll 11:17:23.0203 2952 C:\WINDOWS\system32\ole32.dll - ok 11:17:23.0203 2952 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll 11:17:23.0203 2952 C:\WINDOWS\system32\apphelp.dll - ok 11:17:23.0203 2952 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll 11:17:23.0203 2952 C:\WINDOWS\system32\lsasrv.dll - ok 11:17:23.0203 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe 11:17:23.0203 2952 C:\WINDOWS\system32\lsass.exe - ok 11:17:23.0203 2952 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll 11:17:23.0203 2952 C:\WINDOWS\system32\ncobjapi.dll - ok 11:17:23.0203 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 11:17:23.0203 2952 C:\WINDOWS\system32\services.exe - ok 11:17:23.0203 2952 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll 11:17:23.0203 2952 C:\WINDOWS\system32\msvcp60.dll - ok 11:17:23.0203 2952 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll 11:17:23.0203 2952 C:\WINDOWS\system32\mpr.dll - ok 11:17:23.0203 2952 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll 11:17:23.0203 2952 C:\WINDOWS\system32\scesrv.dll - ok 11:17:23.0203 2952 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll 11:17:23.0203 2952 C:\WINDOWS\system32\ntdsapi.dll - ok 11:17:23.0218 2952 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll 11:17:23.0218 2952 C:\WINDOWS\system32\umpnpmgr.dll - ok 11:17:23.0218 2952 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll 11:17:23.0218 2952 C:\WINDOWS\system32\dnsapi.dll - ok 11:17:23.0218 2952 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll 11:17:23.0218 2952 C:\WINDOWS\system32\shimeng.dll - ok 11:17:23.0218 2952 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll 11:17:23.0218 2952 C:\WINDOWS\system32\wldap32.dll - ok 11:17:23.0218 2952 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll 11:17:23.0218 2952 C:\WINDOWS\AppPatch\acadproc.dll - ok 11:17:23.0218 2952 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll 11:17:23.0218 2952 C:\WINDOWS\system32\samlib.dll - ok 11:17:23.0218 2952 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll 11:17:23.0218 2952 C:\WINDOWS\system32\samsrv.dll - ok 11:17:23.0218 2952 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll 11:17:23.0218 2952 C:\WINDOWS\system32\cryptdll.dll - ok 11:17:23.0218 2952 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll 11:17:23.0218 2952 C:\WINDOWS\AppPatch\acgenral.dll - ok 11:17:23.0218 2952 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll 11:17:23.0218 2952 C:\WINDOWS\system32\oleaut32.dll - ok 11:17:23.0218 2952 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll 11:17:23.0218 2952 C:\WINDOWS\system32\winmm.dll - ok 11:17:23.0218 2952 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll 11:17:23.0218 2952 C:\WINDOWS\system32\msacm32.dll - ok 11:17:23.0234 2952 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll 11:17:23.0234 2952 C:\WINDOWS\system32\uxtheme.dll - ok 11:17:23.0234 2952 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll 11:17:23.0234 2952 C:\WINDOWS\system32\msapsspc.dll - ok 11:17:23.0234 2952 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll 11:17:23.0234 2952 C:\WINDOWS\system32\msvcrt40.dll - ok 11:17:23.0234 2952 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll 11:17:23.0234 2952 C:\WINDOWS\system32\schannel.dll - ok 11:17:23.0234 2952 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll 11:17:23.0234 2952 C:\WINDOWS\system32\digest.dll - ok 11:17:23.0234 2952 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll 11:17:23.0234 2952 C:\WINDOWS\system32\msnsspc.dll - ok 11:17:23.0234 2952 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll 11:17:23.0234 2952 C:\WINDOWS\system32\kerberos.dll - ok 11:17:23.0234 2952 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime 11:17:23.0234 2952 C:\WINDOWS\system32\msctfime.ime - ok 11:17:23.0234 2952 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll 11:17:23.0234 2952 C:\WINDOWS\system32\msprivs.dll - ok 11:17:23.0234 2952 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll 11:17:23.0234 2952 C:\WINDOWS\system32\msv1_0.dll - ok 11:17:23.0234 2952 [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll 11:17:23.0234 2952 C:\WINDOWS\system32\atmfd.dll - ok 11:17:23.0234 2952 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll 11:17:23.0234 2952 C:\WINDOWS\system32\iphlpapi.dll - ok 11:17:23.0250 2952 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll 11:17:23.0250 2952 C:\WINDOWS\system32\netlogon.dll - ok 11:17:23.0250 2952 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll 11:17:23.0250 2952 C:\WINDOWS\system32\w32time.dll - ok 11:17:23.0250 2952 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll 11:17:23.0250 2952 C:\WINDOWS\system32\wdigest.dll - ok 11:17:23.0250 2952 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll 11:17:23.0250 2952 C:\WINDOWS\system32\rsaenh.dll - ok 11:17:23.0250 2952 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll 11:17:23.0250 2952 C:\WINDOWS\system32\winscard.dll - ok 11:17:23.0250 2952 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll 11:17:23.0250 2952 C:\WINDOWS\system32\wtsapi32.dll - ok 11:17:23.0250 2952 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll 11:17:23.0250 2952 C:\WINDOWS\system32\scecli.dll - ok 11:17:23.0250 2952 [ 993F7B0BA5188A0007C085AA10257B8E ] C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe 11:17:23.0250 2952 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe - ok 11:17:23.0250 2952 [ 26AA77FC855DC49E3FFD98BFB38904BE ] C:\Program Files\IObit\Advanced SystemCare 6\rtl120.bpl 11:17:23.0250 2952 C:\Program Files\IObit\Advanced SystemCare 6\rtl120.bpl - ok 11:17:23.0250 2952 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll 11:17:23.0250 2952 C:\WINDOWS\system32\oleacc.dll - ok 11:17:23.0250 2952 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll 11:17:23.0250 2952 C:\WINDOWS\system32\wsock32.dll - ok 11:17:23.0265 2952 [ B10E3287B7CB1060CD70B51B079A354D ] C:\Program Files\IObit\Advanced SystemCare 6\vcl120.bpl 11:17:23.0265 2952 C:\Program Files\IObit\Advanced SystemCare 6\vcl120.bpl - ok 11:17:23.0265 2952 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll 11:17:23.0265 2952 C:\WINDOWS\system32\msimg32.dll - ok 11:17:23.0265 2952 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv 11:17:23.0265 2952 C:\WINDOWS\system32\winspool.drv - ok 11:17:23.0265 2952 [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll 11:17:23.0265 2952 C:\WINDOWS\system32\oledlg.dll - ok 11:17:23.0265 2952 [ A2322C6207EBB0761A6C8CC9003EBACF ] C:\WINDOWS\system32\nvsvc32.exe 11:17:23.0265 2952 C:\WINDOWS\system32\nvsvc32.exe - ok 11:17:23.0265 2952 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll 11:17:23.0265 2952 C:\WINDOWS\system32\powrprof.dll - ok 11:17:23.0265 2952 [ 58A517026E5C8674A70B9B6650691EFE ] C:\WINDOWS\system32\nvcpl.dll 11:17:23.0265 2952 C:\WINDOWS\system32\nvcpl.dll - ok 11:17:23.0265 2952 [ 6A65DA7325CF33ACAA112DC2F70B0934 ] C:\WINDOWS\system32\nvapi.dll 11:17:23.0265 2952 C:\WINDOWS\system32\nvapi.dll - ok 11:17:23.0265 2952 [ 0AD786CEEFBD6D51B7D35788D83857B9 ] C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll 11:17:23.0265 2952 C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll - ok 11:17:23.0265 2952 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe 11:17:23.0265 2952 C:\WINDOWS\system32\logonui.exe - ok 11:17:23.0281 2952 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll 11:17:23.0281 2952 C:\WINDOWS\system32\duser.dll - ok 11:17:23.0281 2952 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll 11:17:23.0281 2952 C:\WINDOWS\system32\clbcatq.dll - ok 11:17:23.0281 2952 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll 11:17:23.0281 2952 C:\WINDOWS\system32\comres.dll - ok 11:17:23.0281 2952 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll 11:17:23.0281 2952 C:\WINDOWS\system32\shgina.dll - ok 11:17:23.0281 2952 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe 11:17:23.0281 2952 C:\WINDOWS\system32\svchost.exe - ok 11:17:23.0281 2952 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll 11:17:23.0281 2952 C:\WINDOWS\system32\ntmarta.dll - ok 11:17:23.0281 2952 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll 11:17:23.0281 2952 C:\WINDOWS\system32\rpcss.dll - ok 11:17:23.0281 2952 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll 11:17:23.0281 2952 C:\WINDOWS\system32\xpsp2res.dll - ok 11:17:23.0281 2952 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll 11:17:23.0281 2952 C:\WINDOWS\system32\eventlog.dll - ok 11:17:23.0281 2952 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll 11:17:23.0281 2952 C:\WINDOWS\system32\mswsock.dll - ok 11:17:23.0296 2952 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll 11:17:23.0296 2952 C:\WINDOWS\system32\hnetcfg.dll - ok 11:17:23.0296 2952 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll 11:17:23.0296 2952 C:\WINDOWS\system32\winrnr.dll - ok 11:17:23.0296 2952 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll 11:17:23.0296 2952 C:\WINDOWS\system32\wshtcpip.dll - ok 11:17:23.0296 2952 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll 11:17:23.0296 2952 C:\WINDOWS\system32\rasadhlp.dll - ok 11:17:23.0296 2952 [ 24F51FBA322F06A3E336C301025D6D12 ] C:\WINDOWS\system32\uxtuneup.dll 11:17:23.0296 2952 C:\WINDOWS\system32\uxtuneup.dll - ok 11:17:23.0296 2952 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll 11:17:23.0296 2952 C:\WINDOWS\system32\dbghelp.dll - ok 11:17:23.0296 2952 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys 11:17:23.0296 2952 C:\WINDOWS\system32\drivers\ndisuio.sys - ok 11:17:23.0296 2952 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll 11:17:23.0296 2952 C:\WINDOWS\system32\dhcpcsvc.dll - ok 11:17:23.0296 2952 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll 11:17:23.0296 2952 C:\WINDOWS\system32\cscdll.dll - ok 11:17:23.0296 2952 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll 11:17:23.0296 2952 C:\WINDOWS\system32\dimsntfy.dll - ok 11:17:23.0296 2952 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll 11:17:23.0296 2952 C:\WINDOWS\system32\dnsrslvr.dll - ok 11:17:23.0296 2952 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll 11:17:23.0296 2952 C:\WINDOWS\system32\wzcsvc.dll - ok 11:17:23.0312 2952 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll 11:17:23.0312 2952 C:\WINDOWS\system32\wlnotify.dll - ok 11:17:23.0312 2952 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll 11:17:23.0312 2952 C:\WINDOWS\system32\rtutils.dll - ok 11:17:23.0312 2952 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll 11:17:23.0312 2952 C:\WINDOWS\system32\wmi.dll - ok 11:17:23.0312 2952 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll 11:17:23.0312 2952 C:\WINDOWS\system32\eapolqec.dll - ok 11:17:23.0312 2952 [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll 11:17:23.0312 2952 C:\WINDOWS\system32\WgaLogon.dll - ok 11:17:23.0312 2952 [ 72F2CFC7653FB5ABB85789D28E26A643 ] C:\WINDOWS\system32\atl.dll 11:17:23.0312 2952 C:\WINDOWS\system32\atl.dll - ok 11:17:23.0312 2952 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll 11:17:23.0312 2952 C:\WINDOWS\system32\qutil.dll - ok 11:17:23.0312 2952 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll 11:17:23.0312 2952 C:\WINDOWS\system32\dot3api.dll - ok 11:17:23.0312 2952 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll 11:17:23.0312 2952 C:\WINDOWS\system32\esent.dll - ok 11:17:23.0312 2952 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll 11:17:23.0312 2952 C:\WINDOWS\system32\msxml3.dll - ok 11:17:23.0312 2952 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll 11:17:23.0312 2952 C:\WINDOWS\system32\rastls.dll - ok 11:17:23.0312 2952 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll 11:17:23.0312 2952 C:\WINDOWS\system32\cryptui.dll - ok 11:17:23.0328 2952 [ 9AD88EA663124336E88EB031F917CE20 ] C:\WINDOWS\system32\wininet.dll 11:17:23.0328 2952 C:\WINDOWS\system32\wininet.dll - ok 11:17:23.0328 2952 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll 11:17:23.0328 2952 C:\WINDOWS\system32\normaliz.dll - ok 11:17:23.0328 2952 [ BCA608797A3E8EEC0094CD6D596D77D7 ] C:\WINDOWS\system32\urlmon.dll 11:17:23.0328 2952 C:\WINDOWS\system32\urlmon.dll - ok 11:17:23.0328 2952 [ 994B77915EA49A467CDA144806AE42D6 ] C:\WINDOWS\system32\iertutil.dll 11:17:23.0328 2952 C:\WINDOWS\system32\iertutil.dll - ok 11:17:23.0328 2952 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll 11:17:23.0328 2952 C:\WINDOWS\system32\mprapi.dll - ok 11:17:23.0328 2952 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll 11:17:23.0328 2952 C:\WINDOWS\system32\activeds.dll - ok 11:17:23.0328 2952 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll 11:17:23.0328 2952 C:\WINDOWS\system32\adsldpc.dll - ok 11:17:23.0328 2952 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll 11:17:23.0328 2952 C:\WINDOWS\system32\rasapi32.dll - ok 11:17:23.0328 2952 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll 11:17:23.0328 2952 C:\WINDOWS\system32\rasman.dll - ok 11:17:23.0328 2952 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll 11:17:23.0328 2952 C:\WINDOWS\system32\tapi32.dll - ok 11:17:23.0328 2952 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll 11:17:23.0328 2952 C:\WINDOWS\system32\riched20.dll - ok 11:17:23.0328 2952 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll 11:17:23.0328 2952 C:\WINDOWS\system32\raschap.dll - ok 11:17:23.0343 2952 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll 11:17:23.0343 2952 C:\WINDOWS\system32\schedsvc.dll - ok 11:17:23.0343 2952 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll 11:17:23.0343 2952 C:\WINDOWS\system32\msidle.dll - ok 11:17:23.0343 2952 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll 11:17:23.0343 2952 C:\WINDOWS\system32\cscui.dll - ok 11:17:23.0343 2952 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe 11:17:23.0343 2952 C:\WINDOWS\system32\spoolsv.exe - ok 11:17:23.0343 2952 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll 11:17:23.0343 2952 C:\WINDOWS\system32\audiosrv.dll - ok 11:17:23.0343 2952 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll 11:17:23.0343 2952 C:\WINDOWS\system32\dpcdll.dll - ok 11:17:23.0343 2952 [ 8AE99EBE30E8338907361018D9030835 ] C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe 11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe - ok 11:17:23.0343 2952 [ DD82EB68D97944B192C7803EB585B03C ] C:\Program Files\IObit\IObit Malware Fighter\rtl120.bpl 11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\rtl120.bpl - ok 11:17:23.0343 2952 [ 773EBD87010A6F644869A59D98792C9C ] C:\Program Files\IObit\IObit Malware Fighter\vcl120.bpl 11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\vcl120.bpl - ok 11:17:23.0343 2952 [ 8A73E259446AEADF64EA884F2BCE4E69 ] C:\Program Files\IObit\IObit Malware Fighter\datastate.dll 11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\datastate.dll - ok 11:17:23.0343 2952 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe 11:17:23.0343 2952 C:\WINDOWS\system32\userinit.exe - ok 11:17:23.0359 2952 [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe 11:17:23.0359 2952 C:\WINDOWS\system32\WgaTray.exe - ok 11:17:23.0359 2952 [ 452DB84283EB2F043827AC95D62CE19C ] C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe 11:17:23.0359 2952 C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe - ok 11:17:23.0359 2952 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe 11:17:23.0359 2952 C:\WINDOWS\explorer.exe - ok 11:17:23.0359 2952 [ 4C867B62F6100C107A3A8F5E7A10461D ] C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl 11:17:23.0359 2952 C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl - ok 11:17:23.0359 2952 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll 11:17:23.0359 2952 C:\WINDOWS\system32\browseui.dll - ok 11:17:23.0359 2952 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll 11:17:23.0359 2952 C:\WINDOWS\system32\cryptnet.dll - ok 11:17:23.0359 2952 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll 11:17:23.0359 2952 C:\WINDOWS\system32\sensapi.dll - ok 11:17:23.0359 2952 [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll 11:17:23.0359 2952 C:\WINDOWS\system32\shdocvw.dll - ok 11:17:23.0359 2952 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll 11:17:23.0359 2952 C:\WINDOWS\system32\winhttp.dll - ok 11:17:23.0359 2952 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll 11:17:23.0359 2952 C:\WINDOWS\system32\wkssvc.dll - ok 11:17:23.0359 2952 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll 11:17:23.0359 2952 C:\WINDOWS\system32\shfolder.dll - ok 11:17:23.0359 2952 [ 3307A07B81206F354F0D4BEFEE922437 ] C:\WINDOWS\system32\LegitCheckControl.DLL 11:17:23.0359 2952 C:\WINDOWS\system32\LegitCheckControl.DLL - ok 11:17:23.0359 2952 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll 11:17:23.0359 2952 C:\WINDOWS\system32\wbem\wbemprox.dll - ok 11:17:23.0375 2952 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll 11:17:23.0375 2952 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok 11:17:23.0375 2952 [ D9AF104F7E21FA859EFA3C67E5522E88 ] C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl 11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl - ok 11:17:23.0375 2952 [ 9C2543A7AC524CAA63B26A16D4E3AD39 ] C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl 11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl - ok 11:17:23.0375 2952 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl 11:17:23.0375 2952 C:\WINDOWS\system32\desk.cpl - ok 11:17:23.0375 2952 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll 11:17:23.0375 2952 C:\WINDOWS\system32\themeui.dll - ok 11:17:23.0375 2952 [ AEB9DD47B76075B05E27874384544F39 ] C:\Program Files\Spybot - Search & Destroy 2\vclie150.bpl 11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vclie150.bpl - ok 11:17:23.0375 2952 [ 5422CB64444C33F029483552A8FACE37 ] C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl 11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl - ok 11:17:23.0375 2952 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll 11:17:23.0375 2952 C:\WINDOWS\system32\actxprxy.dll - ok 11:17:23.0375 2952 [ FA27F4DF4015B22F04B5D18044A24322 ] C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl - ok 11:17:23.0375 2952 [ 0FDABB1FD68CBC557084E16B0EA2F731 ] C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl 11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl - ok 11:17:23.0375 2952 [ 105ED75F4CEE9E58152061520DAA4ABD ] C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl 11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl - ok 11:17:23.0375 2952 [ 86E99E1222E671408ED5E8618521AEEB ] C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl - ok 11:17:23.0390 2952 [ 9244E0240A1D150581C3BAA89D8AA154 ] C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl - ok 11:17:23.0390 2952 [ 4AA01BD5CC7DA9888AF33C5FAB5BF1DD ] C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl 11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl - ok 11:17:23.0390 2952 [ 8F220DCB4AA4B2A12ECE5B87C701170D ] C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl 11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl - ok 11:17:23.0390 2952 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll 11:17:23.0390 2952 C:\WINDOWS\system32\cabinet.dll - ok 11:17:23.0390 2952 [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll 11:17:23.0390 2952 C:\WINDOWS\system32\olepro32.dll - ok 11:17:23.0390 2952 [ CA3B195D98BDBBB7D50C70372CF3005F ] C:\WINDOWS\system32\jsproxy.dll 11:17:23.0390 2952 C:\WINDOWS\system32\jsproxy.dll - ok 11:17:23.0390 2952 [ 22D71D1DB6FC789A1CE8AC6963580259 ] C:\WINDOWS\system32\hhctrl.ocx 11:17:23.0390 2952 C:\WINDOWS\system32\hhctrl.ocx - ok 11:17:23.0390 2952 [ 77A54BDFBAD4604E6131AE68E3CF76D6 ] C:\WINDOWS\system32\srclient.dll 11:17:23.0390 2952 C:\WINDOWS\system32\srclient.dll - ok 11:17:23.0390 2952 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll 11:17:23.0390 2952 C:\WINDOWS\system32\wbem\framedyn.dll - ok 11:17:23.0390 2952 [ D21AB32F16E8DE67D45E5A383B5E52BA ] C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll 11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll - ok 11:17:23.0390 2952 [ B009D6171147BE129636A49C4178E487 ] C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll 11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll - ok 11:17:23.0406 2952 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll 11:17:23.0406 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok 11:17:23.0406 2952 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe 11:17:23.0406 2952 C:\WINDOWS\system32\cmd.exe - ok 11:17:23.0406 2952 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll 11:17:23.0406 2952 C:\WINDOWS\system32\mscms.dll - ok 11:17:23.0406 2952 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll 11:17:23.0406 2952 C:\WINDOWS\system32\localspl.dll - ok 11:17:23.0406 2952 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll 11:17:23.0406 2952 C:\WINDOWS\system32\spoolss.dll - ok 11:17:23.0406 2952 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll 11:17:23.0406 2952 C:\WINDOWS\system32\cnbjmon.dll - ok 11:17:23.0406 2952 [ 903C8C110131B8A71501514B61A17761 ] C:\WINDOWS\system32\ieframe.dll 11:17:23.0406 2952 C:\WINDOWS\system32\ieframe.dll - ok 11:17:23.0406 2952 [ 10F23AE633810BBE7FDA6999714BF166 ] C:\WINDOWS\system32\hpz3l43a.dll 11:17:23.0406 2952 C:\WINDOWS\system32\hpz3l43a.dll - ok 11:17:23.0406 2952 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll 11:17:23.0406 2952 C:\WINDOWS\system32\pjlmon.dll - ok 11:17:23.0406 2952 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll 11:17:23.0406 2952 C:\WINDOWS\system32\tcpmon.dll - ok 11:17:23.0406 2952 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll 11:17:23.0406 2952 C:\WINDOWS\system32\usbmon.dll - ok 11:17:23.0406 2952 [ EA1B063208E4AE322BDF3F2FA235CC9D ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll 11:17:23.0406 2952 C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll - ok 11:17:23.0406 2952 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll 11:17:23.0406 2952 C:\WINDOWS\system32\netrap.dll - ok 11:17:23.0421 2952 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll 11:17:23.0421 2952 C:\WINDOWS\system32\win32spl.dll - ok 11:17:23.0421 2952 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll 11:17:23.0421 2952 C:\WINDOWS\system32\inetpp.dll - ok 11:17:23.0421 2952 [ 6D07DF8A3B4E89B5BAC943B64F0B70D0 ] C:\WINDOWS\system32\icm32.dll 11:17:23.0421 2952 C:\WINDOWS\system32\icm32.dll - ok 11:17:23.0421 2952 [ A0E86BA4B3E56C1DC277BD7CCEC555DA ] C:\Program Files\Spybot - Search & Destroy 2\SDResources.dll 11:17:23.0421 2952 C:\Program Files\Spybot - Search & Destroy 2\SDResources.dll - ok 11:17:23.0421 2952 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys 11:17:23.0421 2952 C:\WINDOWS\system32\drivers\wdmaud.sys - ok 11:17:23.0421 2952 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv 11:17:23.0421 2952 C:\WINDOWS\system32\wdmaud.drv - ok 11:17:23.0421 2952 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys 11:17:23.0421 2952 C:\WINDOWS\system32\drivers\sysaudio.sys - ok 11:17:23.0421 2952 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys 11:17:23.0421 2952 C:\WINDOWS\system32\drivers\splitter.sys - ok 11:17:23.0421 2952 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys 11:17:23.0421 2952 C:\WINDOWS\system32\drivers\aec.sys - ok 11:17:23.0421 2952 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys 11:17:23.0421 2952 C:\WINDOWS\system32\drivers\swmidi.sys - ok 11:17:23.0421 2952 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys 11:17:23.0421 2952 C:\WINDOWS\system32\drivers\dmusic.sys - ok 11:17:23.0437 2952 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys 11:17:23.0437 2952 C:\WINDOWS\system32\drivers\kmixer.sys - ok 11:17:23.0437 2952 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys 11:17:23.0437 2952 C:\WINDOWS\system32\drivers\drmkaud.sys - ok 11:17:23.0437 2952 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll 11:17:23.0437 2952 C:\WINDOWS\system32\midimap.dll - ok 11:17:23.0437 2952 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv 11:17:23.0437 2952 C:\WINDOWS\system32\msacm32.drv - ok 11:17:23.0437 2952 [ F52603B708438E39FF38475807A01CBC ] C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe 11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe - ok 11:17:23.0437 2952 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys 11:17:23.0437 2952 C:\WINDOWS\system32\drivers\parport.sys - ok 11:17:23.0437 2952 [ 9E054D04721F4BA4ACB0C0D189C9B1CD ] C:\Program Files\Trend Micro\AMSP\utilGenericLoader.dll 11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\utilGenericLoader.dll - ok 11:17:23.0437 2952 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll 11:17:23.0437 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok 11:17:23.0437 2952 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll 11:17:23.0437 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok 11:17:23.0437 2952 [ CFBF24322AF177B3C3A81A862B4C3353 ] C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll 11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll - ok 11:17:23.0437 2952 [ 7AD47F1F78EB1AEC7D8F262878204DEC ] C:\Program Files\Trend Micro\AMSP\utilDebugLog.dll 11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\utilDebugLog.dll - ok 11:17:23.0437 2952 [ 78CD7BD82E678C0A239010D8B2FAE4FD ] C:\Program Files\Trend Micro\AMSP\utilComponentInfo.dll 11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\utilComponentInfo.dll - ok 11:17:23.0437 2952 [ DEB46802F1183A90D3E029566B690E84 ] C:\Program Files\Trend Micro\AMSP\utilInstallation.dll 11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\utilInstallation.dll - ok 11:17:23.0453 2952 [ 3F59765B24EB6770252ACC314BD69D97 ] C:\Program Files\Trend Micro\AMSP\utilMsgBuffer.dll 11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\utilMsgBuffer.dll - ok 11:17:23.0453 2952 [ 25D83BC8E4CA8C757AB648573E94B57C ] C:\Program Files\Trend Micro\AMSP\utilThread.dll 11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\utilThread.dll - ok 11:17:23.0453 2952 [ 7F9454A776CA6BFB655D8F49CA6110F6 ] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe 11:17:23.0453 2952 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe - ok 11:17:23.0453 2952 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:17:23.0453 2952 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok 11:17:23.0453 2952 [ 02AFDA1F5BFF989560B3C8BD7D8F355E ] C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe 11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe - ok 11:17:23.0453 2952 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll 11:17:23.0453 2952 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok 11:17:23.0453 2952 [ 37864FB65C85C28BB928A9972A02F186 ] C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe 11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe - ok 11:17:23.0453 2952 [ 6C15AA98FDD8731CE9560A36F5771986 ] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe 11:17:23.0453 2952 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe - ok 11:17:23.0453 2952 [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll 11:17:23.0453 2952 C:\WINDOWS\system32\mscoree.dll - ok 11:17:23.0453 2952 [ 09588529557D695FA74275AF7C69219F ] C:\Program Files\Trend Micro\AMSP\sqlite3.dll 11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\sqlite3.dll - ok 11:17:23.0453 2952 [ AB690CD34CF4B4E3DDF78FD4FBCF88C3 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll 11:17:23.0453 2952 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll - ok 11:17:23.0468 2952 [ 6C69EA6A0C308A0FB81992CAC9F39C59 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\fusion.dll 11:17:23.0468 2952 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\fusion.dll - ok 11:17:23.0468 2952 [ A52E0EBF719F379EFD178C402B1AD7BB ] C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe 11:17:23.0468 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe - ok 11:17:23.0468 2952 [ 97476BB3F51FBD0A944ACC9BFAFD97D8 ] C:\Program Files\Trend Micro\AMSP\outer_AMSP_ClientLibrary.dll 11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\outer_AMSP_ClientLibrary.dll - ok 11:17:23.0468 2952 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll 11:17:23.0468 2952 C:\WINDOWS\system32\cryptsvc.dll - ok 11:17:23.0468 2952 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll 11:17:23.0468 2952 C:\WINDOWS\system32\certcli.dll - ok 11:17:23.0468 2952 [ 21095E7FAE3EC5E927F54E19CC63BA2A ] C:\Program Files\Trend Micro\AMSP\utilIPC.dll 11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\utilIPC.dll - ok 11:17:23.0468 2952 [ E2C48CD0132D4D1DC7D0DF9A6BEF686A ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll 11:17:23.0468 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll - ok 11:17:23.0468 2952 [ E1EBB4C5F1D0680EA3E4E7A77ADCA391 ] C:\Program Files\Trend Micro\AMSP\utilRPC.dll 11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\utilRPC.dll - ok 11:17:23.0468 2952 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll 11:17:23.0468 2952 C:\WINDOWS\system32\pdh.dll - ok 11:17:23.0468 2952 [ 0F3CE8CD921AC76BA344CA35921FCC90 ] C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll 11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll - ok 11:17:23.0468 2952 [ 5D13AAA8BC57278BFD45F6FC94AE74ED ] C:\Program Files\Trend Micro\AMSP\utilJsonHandle.dll 11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\utilJsonHandle.dll - ok 11:17:23.0468 2952 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll 11:17:23.0468 2952 C:\WINDOWS\system32\odbcbcp.dll - ok 11:17:23.0484 2952 [ 032320A85D15EFD4988FE4A38FF539AC ] C:\Program Files\Diskeeper Corporation\Diskeeper\PrFacade.dll 11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\PrFacade.dll - ok 11:17:23.0484 2952 [ AAED5AC724069372C3983E0E10E5D349 ] C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll 11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll - ok 11:17:23.0484 2952 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll 11:17:23.0484 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll - ok 11:17:23.0484 2952 [ 5ABF7951B2B40BBDFC6DBC895F956D17 ] C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll 11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll - ok 11:17:23.0484 2952 [ D90B1558602CCF951F7D0FB21E30723E ] C:\Program Files\Trend Micro\AMSP\instInstallationLibrary.dll 11:17:23.0484 2952 C:\Program Files\Trend Micro\AMSP\instInstallationLibrary.dll - ok 11:17:23.0484 2952 [ 49A612FBAE2FCDE6044E7F3226D2263D ] C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll 11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll - ok 11:17:23.0484 2952 [ 41EFA82C864083025ED9FF17482CBA53 ] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\utilUIProfile.dll 11:17:23.0484 2952 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\utilUIProfile.dll - ok 11:17:23.0484 2952 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll 11:17:23.0484 2952 C:\WINDOWS\system32\hid.dll - ok 11:17:23.0484 2952 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll 11:17:23.0484 2952 C:\WINDOWS\system32\hidserv.dll - ok 11:17:23.0484 2952 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] C:\WINDOWS\system32\HPZipm12.exe 11:17:23.0484 2952 C:\WINDOWS\system32\HPZipm12.exe - ok 11:17:23.0484 2952 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] C:\WINDOWS\system32\IoctlSvc.exe 11:17:23.0484 2952 C:\WINDOWS\system32\IoctlSvc.exe - ok 11:17:23.0484 2952 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll 11:17:23.0484 2952 C:\WINDOWS\system32\netman.dll - ok 11:17:23.0500 2952 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll 11:17:23.0500 2952 C:\WINDOWS\system32\ipsecsvc.dll - ok 11:17:23.0500 2952 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll 11:17:23.0500 2952 C:\WINDOWS\system32\netshell.dll - ok 11:17:23.0500 2952 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll 11:17:23.0500 2952 C:\WINDOWS\system32\oakley.dll - ok 11:17:23.0500 2952 [ 206387AB881E93A1A6EB89966C8651F1 ] C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe 11:17:23.0500 2952 C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe - ok 11:17:23.0500 2952 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll 11:17:23.0500 2952 C:\WINDOWS\system32\winipsec.dll - ok 11:17:23.0500 2952 [ 95DDCEF11BA9BA30402C7FA8C893A59C ] C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll 11:17:23.0500 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll - ok 11:17:23.0500 2952 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll 11:17:23.0500 2952 C:\WINDOWS\system32\pstorsvc.dll - ok 11:17:23.0500 2952 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll 11:17:23.0500 2952 C:\WINDOWS\system32\credui.dll - ok 11:17:23.0500 2952 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll 11:17:23.0500 2952 C:\WINDOWS\system32\psbase.dll - ok 11:17:23.0500 2952 [ 14361FB2FD630988816A4F46AEAF0684 ] C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 11:17:23.0500 2952 C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll - ok 11:17:23.0500 2952 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll 11:17:23.0500 2952 C:\WINDOWS\system32\dot3dlg.dll - ok 11:17:23.0500 2952 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll 11:17:23.0500 2952 C:\WINDOWS\system32\dssenh.dll - ok 11:17:23.0515 2952 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll 11:17:23.0515 2952 C:\WINDOWS\system32\onex.dll - ok 11:17:23.0515 2952 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll 11:17:23.0515 2952 C:\WINDOWS\system32\eappcfg.dll - ok 11:17:23.0515 2952 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll 11:17:23.0515 2952 C:\WINDOWS\system32\eappprxy.dll - ok 11:17:23.0515 2952 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll 11:17:23.0515 2952 C:\WINDOWS\system32\vssapi.dll - ok 11:17:23.0515 2952 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll 11:17:23.0515 2952 C:\WINDOWS\system32\wzcsapi.dll - ok 11:17:23.0515 2952 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll 11:17:23.0515 2952 C:\WINDOWS\system32\srvsvc.dll - ok 11:17:23.0515 2952 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll 11:17:23.0515 2952 C:\WINDOWS\system32\netmsg.dll - ok 11:17:23.0515 2952 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll 11:17:23.0515 2952 C:\WINDOWS\system32\es.dll - ok 11:17:23.0515 2952 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys 11:17:23.0515 2952 C:\WINDOWS\system32\drivers\srv.sys - ok 11:17:23.0515 2952 [ CB63BDB77BB86549FC3303C2F11EDC18 ] C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe 11:17:23.0515 2952 C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe - ok 11:17:23.0515 2952 [ 118EDC3E712FF83CE25612081A69075D ] C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe 11:17:23.0515 2952 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe - ok 11:17:23.0515 2952 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll 11:17:23.0515 2952 C:\WINDOWS\system32\seclogon.dll - ok 11:17:23.0515 2952 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll 11:17:23.0515 2952 C:\WINDOWS\system32\sens.dll - ok 11:17:23.0531 2952 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll 11:17:23.0531 2952 C:\WINDOWS\system32\srsvc.dll - ok 11:17:23.0531 2952 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll 11:17:23.0531 2952 C:\WINDOWS\system32\msi.dll - ok 11:17:23.0531 2952 [ 3F9A3232E5F942874488981F3242C989 ] C:\Program Files\UPHClean\uphclean.exe 11:17:23.0531 2952 C:\Program Files\UPHClean\uphclean.exe - ok 11:17:23.0531 2952 [ 7D110D645030C05A06C3CD08D1E47D0A ] C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe 11:17:23.0531 2952 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe - ok 11:17:23.0531 2952 [ ED85C080DE4AA4C90FFF941CFD839D4C ] C:\WINDOWS\system32\drivers\uphcleanhlp.sys 11:17:23.0531 2952 C:\WINDOWS\system32\drivers\uphcleanhlp.sys - ok 11:17:23.0531 2952 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll 11:17:23.0531 2952 C:\WINDOWS\system32\wuaueng.dll - ok 11:17:23.0531 2952 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll 11:17:23.0531 2952 C:\WINDOWS\system32\wuauserv.dll - ok 11:17:23.0531 2952 [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll 11:17:23.0531 2952 C:\WINDOWS\system32\mspatcha.dll - ok 11:17:23.0531 2952 [ A529CFE32565C0B145578FFB2B32C9A5 ] C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe 11:17:23.0531 2952 C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe - ok 11:17:23.0531 2952 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll 11:17:23.0531 2952 C:\WINDOWS\system32\wbem\wmisvc.dll - ok 11:17:23.0531 2952 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll 11:17:23.0531 2952 C:\WINDOWS\system32\comsvcs.dll - ok 11:17:23.0546 2952 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll 11:17:23.0546 2952 C:\WINDOWS\system32\colbact.dll - ok 11:17:23.0546 2952 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll 11:17:23.0546 2952 C:\WINDOWS\system32\clusapi.dll - ok 11:17:23.0546 2952 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll 11:17:23.0546 2952 C:\WINDOWS\system32\mtxclu.dll - ok 11:17:23.0546 2952 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll 11:17:23.0546 2952 C:\WINDOWS\system32\resutils.dll - ok 11:17:23.0546 2952 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll 11:17:23.0546 2952 C:\WINDOWS\system32\wups.dll - ok 11:17:23.0546 2952 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll 11:17:23.0546 2952 C:\WINDOWS\system32\wups2.dll - ok 11:17:23.0546 2952 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe 11:17:23.0546 2952 C:\WINDOWS\system32\wuauclt.exe - ok 11:17:23.0546 2952 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll 11:17:23.0546 2952 C:\WINDOWS\system32\ipnathlp.dll - ok 11:17:23.0546 2952 [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll 11:17:23.0546 2952 C:\WINDOWS\system32\wscsvc.dll - ok 11:17:23.0546 2952 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll 11:17:23.0546 2952 C:\WINDOWS\system32\wbem\wbemcore.dll - ok 11:17:23.0546 2952 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll 11:17:23.0546 2952 C:\WINDOWS\system32\wbem\esscli.dll - ok 11:17:23.0546 2952 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll 11:17:23.0546 2952 C:\WINDOWS\system32\wbem\fastprox.dll - ok 11:17:23.0562 2952 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll 11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok 11:17:23.0562 2952 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll 11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wmiutils.dll - ok 11:17:23.0562 2952 [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll 11:17:23.0562 2952 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok 11:17:23.0562 2952 [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll 11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok 11:17:23.0562 2952 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll 11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wbemess.dll - ok 11:17:23.0562 2952 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll 11:17:23.0562 2952 C:\WINDOWS\system32\wuapi.dll - ok 11:17:23.0562 2952 [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll 11:17:23.0562 2952 C:\WINDOWS\system32\wbem\ncprov.dll - ok 11:17:23.0562 2952 [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll 11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wbemcons.dll - ok 11:17:23.0562 2952 [ E5244A5462FA1F0267D8923538530AF4 ] C:\WINDOWS\system32\nlsdl.dll 11:17:23.0562 2952 C:\WINDOWS\system32\nlsdl.dll - ok 11:17:23.0562 2952 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll 11:17:23.0562 2952 C:\WINDOWS\system32\linkinfo.dll - ok 11:17:23.0562 2952 [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll 11:17:23.0562 2952 C:\WINDOWS\system32\ntshrui.dll - ok 11:17:23.0562 2952 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\DOCUME~1\NEIL'S\LOCALS~1\Temp\3BD9E4AF-3588-460F-8BD8-82B8316638DD.exe 11:17:23.0562 2952 C:\DOCUME~1\NEIL'S\LOCALS~1\Temp\3BD9E4AF-3588-460F-8BD8-82B8316638DD.exe - ok 11:17:23.0578 2952 [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\msctf.dll 11:17:23.0578 2952 C:\WINDOWS\system32\msctf.dll - ok 11:17:23.0578 2952 [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll 11:17:23.0578 2952 C:\WINDOWS\system32\msutb.dll - ok 11:17:23.0578 2952 [ 0671A791C292F46423CFE37B53D598D0 ] C:\Program Files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll 11:17:23.0578 2952 C:\Program Files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll - ok 11:17:23.0578 2952 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe 11:17:23.0578 2952 C:\WINDOWS\system32\verclsid.exe - ok 11:17:23.0578 2952 [ FAD9807ACDE89A34D2EB4743D57016D7 ] C:\Program Files\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll 11:17:23.0578 2952 C:\Program Files\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll - ok 11:17:23.0578 2952 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\40459742.sys 11:17:23.0578 2952 C:\WINDOWS\system32\drivers\40459742.sys - ok 11:17:23.0578 2952 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll 11:17:23.0578 2952 C:\WINDOWS\system32\mlang.dll - ok 11:17:23.0578 2952 [ 569CDDD12656B793732A573D192472F5 ] C:\Program Files\AVG Secure Search\HF_G_Jul.exe 11:17:23.0578 2952 C:\Program Files\AVG Secure Search\HF_G_Jul.exe - ok 11:17:23.0578 2952 [ C25602103B927A359B3ED9307EB37ED6 ] C:\Program Files\AVG Secure Search\vprot.exe 11:17:23.0578 2952 C:\Program Files\AVG Secure Search\vprot.exe - ok 11:17:23.0578 2952 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll 11:17:23.0578 2952 C:\WINDOWS\system32\upnp.dll - ok 11:17:23.0578 2952 [ D29046DC1D22561F3CE08DAC22BBB17B ] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe 11:17:23.0578 2952 C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe - ok 11:17:23.0578 2952 [ FE821F6FA60E9DF9FDEE69A23488BBAB ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 11:17:23.0578 2952 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok 11:17:23.0593 2952 [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe 11:17:23.0593 2952 C:\WINDOWS\system32\rundll32.exe - ok 11:17:23.0593 2952 [ 102596AFB271F540E0C77C3634775FE6 ] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe 11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe - ok 11:17:23.0593 2952 [ B5A4EBA9487F08BECC843A87422B8052 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe 11:17:23.0593 2952 C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe - ok 11:17:23.0593 2952 [ F290C5F240CD5D0B60C5168A0FA1F2E2 ] C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe 11:17:23.0593 2952 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe - ok 11:17:23.0593 2952 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll 11:17:23.0593 2952 C:\WINDOWS\system32\ssdpapi.dll - ok 11:17:23.0593 2952 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll 11:17:23.0593 2952 C:\WINDOWS\system32\netcfgx.dll - ok 11:17:23.0593 2952 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll 11:17:23.0593 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok 11:17:23.0593 2952 [ 7AD47F1F78EB1AEC7D8F262878204DEC ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilDebugLog.dll 11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilDebugLog.dll - ok 11:17:23.0593 2952 [ CFBF24322AF177B3C3A81A862B4C3353 ] C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_49.dll 11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_49.dll - ok 11:17:23.0593 2952 [ 6BD2C65C3CC612891B552EBB3A7F5370 ] C:\Program Files\Trend Micro\Titanium\UIFramework\libcef.dll 11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\libcef.dll - ok 11:17:23.0593 2952 [ 2A840675AA2FA3183A86859D441B1B9B ] C:\Program Files\Siber Systems\AI RoboForm\roboform.dll 11:17:23.0593 2952 C:\Program Files\Siber Systems\AI RoboForm\roboform.dll - ok 11:17:23.0593 2952 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll 11:17:23.0593 2952 C:\WINDOWS\system32\webcheck.dll - ok 11:17:23.0609 2952 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll 11:17:23.0609 2952 C:\WINDOWS\system32\batmeter.dll - ok 11:17:23.0609 2952 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll 11:17:23.0609 2952 C:\WINDOWS\system32\stobject.dll - ok 11:17:23.0609 2952 [ 2424231BBD703A677D115C29983B4293 ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL 11:17:23.0609 2952 C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL - ok 11:17:23.0609 2952 [ D7D69F304A604387B86BE991CBF07663 ] C:\WINDOWS\system32\WPDShServiceObj.dll 11:17:23.0609 2952 C:\WINDOWS\system32\WPDShServiceObj.dll - ok 11:17:23.0609 2952 [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll 11:17:23.0609 2952 C:\WINDOWS\system32\mydocs.dll - ok 11:17:23.0609 2952 [ A687C458B80C7D55CBE39649D952ED2A ] C:\WINDOWS\system32\PortableDeviceTypes.dll 11:17:23.0609 2952 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok 11:17:23.0609 2952 [ E132AD94798E72ACB650E985984C7F58 ] C:\WINDOWS\system32\PortableDeviceApi.dll 11:17:23.0609 2952 C:\WINDOWS\system32\PortableDeviceApi.dll - ok 11:17:23.0609 2952 [ 9E03DC5AB51CFD0190541CE2038D819D ] C:\WINDOWS\system32\usp10.dll 11:17:23.0609 2952 C:\WINDOWS\system32\usp10.dll - ok 11:17:23.0609 2952 [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll 11:17:23.0609 2952 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok 11:17:23.0609 2952 [ 0F3CE8CD921AC76BA344CA35921FCC90 ] C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_49.dll 11:17:23.0609 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_49.dll - ok 11:17:23.0609 2952 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll 11:17:23.0609 2952 C:\WINDOWS\system32\rasdlg.dll - ok 11:17:23.0609 2952 [ 97476BB3F51FBD0A944ACC9BFAFD97D8 ] C:\Program Files\Trend Micro\Titanium\UIFramework\outer_AMSP_ClientLibrary.dll 11:17:23.0609 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\outer_AMSP_ClientLibrary.dll - ok 11:17:23.0625 2952 [ 21095E7FAE3EC5E927F54E19CC63BA2A ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilIPC.dll 11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilIPC.dll - ok 11:17:23.0625 2952 [ 3F59765B24EB6770252ACC314BD69D97 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilMsgBuffer.dll 11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilMsgBuffer.dll - ok 11:17:23.0625 2952 [ 25D83BC8E4CA8C757AB648573E94B57C ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilThread.dll 11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilThread.dll - ok 11:17:23.0625 2952 [ E1EBB4C5F1D0680EA3E4E7A77ADCA391 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilRPC.dll 11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilRPC.dll - ok 11:17:23.0625 2952 [ 78CD7BD82E678C0A239010D8B2FAE4FD ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilComponentInfo.dll 11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilComponentInfo.dll - ok 11:17:23.0625 2952 [ DEB46802F1183A90D3E029566B690E84 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilInstallation.dll 11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilInstallation.dll - ok 11:17:23.0625 2952 [ 9E054D04721F4BA4ACB0C0D189C9B1CD ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilGenericLoader.dll 11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilGenericLoader.dll - ok 11:17:23.0625 2952 [ 5D13AAA8BC57278BFD45F6FC94AE74ED ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilJsonHandle.dll 11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilJsonHandle.dll - ok 11:17:23.0625 2952 [ D90B1558602CCF951F7D0FB21E30723E ] C:\Program Files\Trend Micro\Titanium\UIFramework\instInstallationLibrary.dll 11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\instInstallationLibrary.dll - ok 11:17:23.0625 2952 [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe 11:17:23.0625 2952 C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok 11:17:23.0625 2952 [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\WINDOWS\system32\msvcp100.dll 11:17:23.0625 2952 C:\WINDOWS\system32\msvcp100.dll - ok 11:17:23.0625 2952 [ BF38660A9125935658CFA3E53FDC7D65 ] C:\WINDOWS\system32\msvcr100.dll 11:17:23.0625 2952 C:\WINDOWS\system32\msvcr100.dll - ok 11:17:23.0640 2952 [ D870F564BA017FEFC51D2B3C7E2B568B ] C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll 11:17:23.0640 2952 C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll - ok 11:17:23.0640 2952 [ 396F72E102E368E402736813ED6683C7 ] C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll 11:17:23.0640 2952 C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll - ok 11:17:23.0640 2952 [ 54E2D3E2B827A8C3E4B907A4711A31AF ] C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll 11:17:23.0640 2952 C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll - ok 11:17:23.0640 2952 [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe 11:17:23.0640 2952 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok 11:17:23.0640 2952 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll 11:17:23.0640 2952 C:\WINDOWS\system32\wbem\cimwin32.dll - ok 11:17:23.0640 2952 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll 11:17:23.0640 2952 C:\WINDOWS\system32\security.dll - ok 11:17:23.0640 2952 [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll 11:17:23.0640 2952 C:\WINDOWS\system32\wbem\wmipcima.dll - ok 11:17:23.0640 2952 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll 11:17:23.0640 2952 C:\WINDOWS\system32\cfgmgr32.dll - ok 11:17:23.0640 2952 [ 09CCF5197D054C9DCE4116DC9A04C211 ] C:\Program Files\Trend Micro\AMSP\coreConfigRepository.dll 11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\coreConfigRepository.dll - ok 11:17:23.0640 2952 [ C1630C379C86AF26E8071F918F48637C ] C:\Program Files\Trend Micro\AMSP\module\1\2.5.1342\coreFrameworkBuilder.dll 11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\module\1\2.5.1342\coreFrameworkBuilder.dll - ok 11:17:23.0640 2952 [ 09CCF5197D054C9DCE4116DC9A04C211 ] C:\Program Files\Trend Micro\AMSP\module\5\2.5.1331\coreConfigRepository.dll 11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\module\5\2.5.1331\coreConfigRepository.dll - ok 11:17:23.0640 2952 [ 767FD31EC6BD6173756ED46400BD0394 ] C:\Program Files\Trend Micro\AMSP\module\7\2.5.1331\coreUpdateManager.dll 11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\module\7\2.5.1331\coreUpdateManager.dll - ok 11:17:23.0656 2952 [ 166C8CEB569EF57626A1466BFE5DDFBC ] C:\Program Files\Trend Micro\AMSP\utilAccessControl.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\utilAccessControl.dll - ok 11:17:23.0656 2952 [ 7B97CD8C5ABA843D82114B77A4CB9FB5 ] C:\Program Files\Trend Micro\AMSP\module\10\2.5.1374\coreActionManager.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\10\2.5.1374\coreActionManager.dll - ok 11:17:23.0656 2952 [ 48F2986BAFC9A7BDB694AE6FF8E0157E ] C:\Program Files\Trend Micro\AMSP\module\11\2.5.1374\coreScanManager.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\11\2.5.1374\coreScanManager.dll - ok 11:17:23.0656 2952 [ A60E337E5C366AFAFAE5E0751826BEFD ] C:\Program Files\Trend Micro\AMSP\libprotobuf.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\libprotobuf.dll - ok 11:17:23.0656 2952 [ B95D1CEC2EF487CFF16FF5D4B058294A ] C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll - ok 11:17:23.0656 2952 [ BF2222B87C8761A9D4B78F1BACFF0E87 ] C:\Program Files\Trend Micro\AMSP\module\2\2.5.1374\coreCommandManager.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\2\2.5.1374\coreCommandManager.dll - ok 11:17:23.0656 2952 [ 4796E57D857ED1B3C8D00712E9DBC40A ] C:\Program Files\Trend Micro\AMSP\module\3\2.5.1374\coreEventManager.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\3\2.5.1374\coreEventManager.dll - ok 11:17:23.0656 2952 [ 8102BAB3919F8D627808916294A7CB91 ] C:\Program Files\Trend Micro\AMSP\module\4\2.5.1374\coreTaskManager.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\4\2.5.1374\coreTaskManager.dll - ok 11:17:23.0656 2952 [ 3A8269C4062B46EF6C7075CA29F8FB86 ] C:\Program Files\Trend Micro\AMSP\module\6\2.5.1374\coreReportManager.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\6\2.5.1374\coreReportManager.dll - ok 11:17:23.0656 2952 [ 9F7BA8C8D12FFEC4DCF35070B894D018 ] C:\Program Files\Trend Micro\AMSP\module\1000001\2.5.1331\paCoreProductAdaptor.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\1000001\2.5.1331\paCoreProductAdaptor.dll - ok 11:17:23.0656 2952 [ 8A9A1C50BBBF159ADC16397550180470 ] C:\Program Files\Trend Micro\AMSP\inner_AMSP_ClientLibrary.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\inner_AMSP_ClientLibrary.dll - ok 11:17:23.0656 2952 [ 55295E10ED6D63B778908C5DEE1B65C4 ] C:\Program Files\Trend Micro\AMSP\module\20017\1.0.1030\plugAdapterTMEBC.dll 11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\20017\1.0.1030\plugAdapterTMEBC.dll - ok 11:17:23.0671 2952 [ 3F5F21B9B4A2CA16D2825147395220DF ] C:\Program Files\Trend Micro\AMSP\module\10000\2.5.1331\9.700.1001\plugEngineVSAPI.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10000\2.5.1331\9.700.1001\plugEngineVSAPI.dll - ok 11:17:23.0671 2952 [ DB23CB8ED6D0459BE01DF87F3AE48CB8 ] C:\Program Files\Trend Micro\AMSP\module\10001\2.5.1331\6.2.1039\plugEngineSSAPI.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10001\2.5.1331\6.2.1039\plugEngineSSAPI.dll - ok 11:17:23.0671 2952 [ E5276D9A384609679C6925021E1C606A ] C:\Program Files\Trend Micro\AMSP\module\10002\2.5.1331\7.0.1028\plugEngineDCE.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10002\2.5.1331\7.0.1028\plugEngineDCE.dll - ok 11:17:23.0671 2952 [ 6DCC9211C76C380DCABB53F62DDB0BDF ] C:\Program Files\Trend Micro\AMSP\module\10004\6.0.1056\6.0.1056\plugEngineAEGIS.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10004\6.0.1056\6.0.1056\plugEngineAEGIS.dll - ok 11:17:23.0671 2952 [ 3117843D22D54AAF379C19CA7D612C76 ] C:\Program Files\Trend Micro\AMSP\module\10005\2.5.1331\3.6.1008\plugEngineTMUFE.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10005\2.5.1331\3.6.1008\plugEngineTMUFE.dll - ok 11:17:23.0671 2952 [ D7D81782F793C417CA7EC22EB7852A34 ] C:\Program Files\Trend Micro\AMSP\module\10007\2.5.1331\2.51.1006\plugEngineTMFBE.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10007\2.5.1331\2.51.1006\plugEngineTMFBE.dll - ok 11:17:23.0671 2952 [ DACC9B0A1134E5AE263F8AE69E13AB0B ] C:\Program Files\Trend Micro\AMSP\module\10008\2.5.1331\2.01.1025\plugEngineICRC.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10008\2.5.1331\2.01.1025\plugEngineICRC.dll - ok 11:17:23.0671 2952 [ 3485D3E48434930A4992329FFAB7C7B8 ] C:\Program Files\Trend Micro\AMSP\module\20001\2.5.1339\5.50.1043\plugAdapterSystem.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\20001\2.5.1339\5.50.1043\plugAdapterSystem.dll - ok 11:17:23.0671 2952 [ 5E6162C9E9B56ECB4EB323436165ABA6 ] C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\plugAdapterProxy.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\plugAdapterProxy.dll - ok 11:17:23.0671 2952 [ 7BF25CE72FDAE9145502459766C391AC ] C:\Program Files\Trend Micro\AMSP\module\30000\2.5.1349\plugRealtimeScanFlow.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\30000\2.5.1349\plugRealtimeScanFlow.dll - ok 11:17:23.0671 2952 [ 9CAE50E7E5F4513151C4394EF0ADBD18 ] C:\Program Files\Trend Micro\AMSP\module\30001\2.5.1331\plugManualScanFlow.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\30001\2.5.1331\plugManualScanFlow.dll - ok 11:17:23.0671 2952 [ 19738D06F0FEA843409C456F07F68DF9 ] C:\Program Files\Trend Micro\AMSP\module\30004\2.5.1331\plugRealTimeScanCache.dll 11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\30004\2.5.1331\plugRealTimeScanCache.dll - ok 11:17:23.0687 2952 [ BA579C58DB2E90B1309D594776480E41 ] C:\Program Files\Trend Micro\AMSP\module\40000\2.5.1331\5.50.1043\plugUtilRCM.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40000\2.5.1331\5.50.1043\plugUtilRCM.dll - ok 11:17:23.0687 2952 [ B5E4ED1579EBED2E600BDD889A93CB0C ] C:\Program Files\Trend Micro\AMSP\module\40001\2.6.1163\plugUtilEnum.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40001\2.6.1163\plugUtilEnum.dll - ok 11:17:23.0687 2952 [ C033C4A259CFE9D392455755C6F5D44F ] C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\plugAdapterBP.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\plugAdapterBP.dll - ok 11:17:23.0687 2952 [ 7B40AE9B3B9D6F1A3CC2A42F8A809F45 ] C:\Program Files\Trend Micro\AMSP\module\10009\3.6.1029\3.6.1029\plugEngineLCE.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10009\3.6.1029\3.6.1029\plugEngineLCE.dll - ok 11:17:23.0687 2952 [ EE8681F8FF1A3BC2ABB8FCDAFE62A8A2 ] C:\Program Files\Trend Micro\AMSP\module\10010\3.6.1029\3.6.1029\plugEngineLES.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10010\3.6.1029\3.6.1029\plugEngineLES.dll - ok 11:17:23.0687 2952 [ FC061EBC804BF83DD729B0077514DC73 ] C:\Program Files\Trend Micro\AMSP\module\40002\2.5.1342\plugUtilSysInfo.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40002\2.5.1342\plugUtilSysInfo.dll - ok 11:17:23.0687 2952 [ 285B47EAD7A8D8F01120170F3C513F89 ] C:\Program Files\Trend Micro\AMSP\module\30005\3.0.1042\plugLocalCorrelationFlow.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\30005\3.0.1042\plugLocalCorrelationFlow.dll - ok 11:17:23.0687 2952 [ 36D4F70629990ABEAD2F52BAAA1B8C19 ] C:\Program Files\Trend Micro\AMSP\module\10011\2.5.1141\2.5.1141\plugEngineTMSA.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10011\2.5.1141\2.5.1141\plugEngineTMSA.dll - ok 11:17:23.0687 2952 [ 3852FF230E9ABA1E18C670FA891BA409 ] C:\Program Files\Trend Micro\AMSP\module\40003\2.5.1331\2.5.1331\plugUtilException.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40003\2.5.1331\2.5.1331\plugUtilException.dll - ok 11:17:23.0687 2952 [ 8990207AE499C7D8ED5BE62DBCF02283 ] C:\Program Files\Trend Micro\AMSP\module\30006\2.5.1331\plugCommonScanCache.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\30006\2.5.1331\plugCommonScanCache.dll - ok 11:17:23.0687 2952 [ C6755C665A01532D3C771FB0CC929EEF ] C:\Program Files\Trend Micro\AMSP\module\10012\1.6.1018\1.6.1018\plugEngineDre.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10012\1.6.1018\1.6.1018\plugEngineDre.dll - ok 11:17:23.0687 2952 [ 71AA893314D164F483EA6E9FBE815B87 ] C:\Program Files\Trend Micro\AMSP\module\20009\1.5.1012\1.5.1012\plugAdapterNCIE.dll 11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\20009\1.5.1012\1.5.1012\plugAdapterNCIE.dll - ok 11:17:23.0703 2952 [ B7423E099AE3DDCE20E5AD3CAD4B71F9 ] C:\Program Files\Trend Micro\AMSP\module\20011\1.5.1107\1.5.1104\plugAdapterEagleEye.dll 11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\20011\1.5.1107\1.5.1104\plugAdapterEagleEye.dll - ok 11:17:23.0703 2952 [ 9DA1F44786834B4961309BFD60F18248 ] C:\Program Files\Trend Micro\AMSP\module\10015\6.0.1056\6.0.1056\plugEngineWL.dll 11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10015\6.0.1056\6.0.1056\plugEngineWL.dll - ok 11:17:23.0703 2952 [ 11262E9F8455E5F30C69E917E0103E01 ] C:\Program Files\Trend Micro\AMSP\module\10013\2.5.1331\1.0.1069\plugEnginePeDif.dll 11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10013\2.5.1331\1.0.1069\plugEnginePeDif.dll - ok 11:17:23.0703 2952 [ 9EA2D216C448D570A12694743D1F3518 ] C:\Program Files\Trend Micro\AMSP\module\10014\1.6.1085\1.6.1085\plugEngineTmCDE.dll 11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10014\1.6.1085\1.6.1085\plugEngineTmCDE.dll - ok 11:17:23.0703 2952 [ 3FE418C9408EA5FC2B740B2CAABC71E1 ] C:\Program Files\Trend Micro\AMSP\module\40004\2.5.1331\plugUtilLowConfDB.dll 11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\40004\2.5.1331\plugUtilLowConfDB.dll - ok 11:17:23.0703 2952 [ DA4569BF80F3AEF8D09A7E01C2DD8FB8 ] C:\Program Files\Trend Micro\AMSP\module\30007\2.5.1371\2.5.1371\plugCensus.dll 11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\30007\2.5.1371\2.5.1371\plugCensus.dll - ok 11:17:23.0703 2952 [ 988A84A1E59647390044170E33D5337F ] C:\Program Files\Trend Micro\AMSP\module\10016\2.5.1331\2.0.1001\plugEngineSMV.dll 11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10016\2.5.1331\2.0.1001\plugEngineSMV.dll - ok 11:17:23.0703 2952 ============================================================ 11:17:23.0703 2952 Scan finished 11:17:23.0703 2952 ============================================================ 11:17:23.0703 2944 Detected object count: 0 11:17:23.0703 2944 Actual detected object count: 0

11:16:47.0031 3336 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 11:16:47.0781 3336 ============================================================ 11:16:47.0781 3336 Current date / time: 2013/01/09 11:16:47.0781 11:16:47.0781 3336 SystemInfo: 11:16:47.0781 3336 11:16:47.0781 3336 OS Version: 5.1.2600 ServicePack: 3.0 11:16:47.0781 3336 Product type: Workstation 11:16:47.0781 3336 ComputerName: HOME 11:16:47.0781 3336 UserName: NEIL'S 11:16:47.0781 3336 Windows directory: C:\WINDOWS 11:16:47.0781 3336 System windows directory: C:\WINDOWS 11:16:47.0781 3336 Processor architecture: Intel x86 11:16:47.0781 3336 Number of processors: 2 11:16:47.0781 3336 Page size: 0x1000 11:16:47.0781 3336 Boot type: Normal boot 11:16:47.0781 3336 ============================================================ 11:16:48.0890 3336 BG loaded 11:16:49.0218 3336 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 11:16:49.0218 3336 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 11:16:49.0234 3336 ============================================================ 11:16:49.0234 3336 \Device\Harddisk0\DR0: 11:16:49.0234 3336 MBR partitions: 11:16:49.0234 3336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E41 11:16:49.0234 3336 \Device\Harddisk1\DR1: 11:16:49.0234 3336 MBR partitions: 11:16:49.0234 3336 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682 11:16:49.0234 3336 ============================================================ 11:16:49.0281 3336 C: <-> \Device\Harddisk0\DR0\Partition1 11:16:49.0296 3336 F: <-> \Device\Harddisk1\DR1\Partition1 11:16:49.0296 3336 ============================================================ 11:16:49.0296 3336 Initialize success 11:16:49.0296 3336 ============================================================ 11:17:13.0984 2952 ============================================================ 11:17:13.0984 2952 Scan started 11:17:13.0984 2952 Mode: Manual; TDLFS; 11:17:13.0984 2952 ============================================================ 11:17:14.0250 2952 ================ Scan system memory ======================== 11:17:14.0250 2952 System memory - ok 11:17:14.0250 2952 ================ Scan services ============================= 11:17:14.0312 2952 A2DDA - ok 11:17:14.0312 2952 Abiosdsk - ok 11:17:14.0312 2952 abp480n5 - ok 11:17:14.0328 2952 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 11:17:14.0328 2952 ACPI - ok 11:17:14.0343 2952 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 11:17:14.0343 2952 ACPIEC - ok 11:17:14.0375 2952 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 11:17:14.0375 2952 AdobeFlashPlayerUpdateSvc - ok 11:17:14.0375 2952 adpu160m - ok 11:17:14.0421 2952 [ 993F7B0BA5188A0007C085AA10257B8E ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe 11:17:14.0421 2952 AdvancedSystemCareService6 - ok 11:17:14.0437 2952 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 11:17:14.0437 2952 aec - ok 11:17:14.0453 2952 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 11:17:14.0453 2952 AFD - ok 11:17:14.0453 2952 Aha154x - ok 11:17:14.0468 2952 aic78u2 - ok 11:17:14.0468 2952 aic78xx - ok 11:17:14.0484 2952 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll 11:17:14.0484 2952 Alerter - ok 11:17:14.0484 2952 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe 11:17:14.0484 2952 ALG - ok 11:17:14.0500 2952 AliIde - ok 11:17:14.0500 2952 amsint - ok 11:17:14.0546 2952 [ F52603B708438E39FF38475807A01CBC ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe 11:17:14.0546 2952 Amsp - ok 11:17:14.0562 2952 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 11:17:14.0562 2952 AppMgmt - ok 11:17:14.0562 2952 asc - ok 11:17:14.0562 2952 asc3350p - ok 11:17:14.0578 2952 asc3550 - ok 11:17:14.0578 2952 [ 663F2FB92608073824EE3106886120F3 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys 11:17:14.0578 2952 AsIO - ok 11:17:14.0625 2952 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 11:17:14.0640 2952 aspnet_state - ok 11:17:14.0656 2952 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 11:17:14.0656 2952 AsyncMac - ok 11:17:14.0671 2952 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 11:17:14.0671 2952 atapi - ok 11:17:14.0687 2952 [ F43673D97B9DF66999C3DFA6E538EF5B ] AtcL001 C:\WINDOWS\system32\DRIVERS\l151x86.sys 11:17:14.0687 2952 AtcL001 - ok 11:17:14.0687 2952 Atdisk - ok 11:17:14.0687 2952 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 11:17:14.0687 2952 Atmarpc - ok 11:17:14.0703 2952 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 11:17:14.0703 2952 AudioSrv - ok 11:17:14.0718 2952 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 11:17:14.0718 2952 audstub - ok 11:17:14.0734 2952 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys 11:17:14.0734 2952 avgtp - ok 11:17:14.0734 2952 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 11:17:14.0750 2952 Beep - ok 11:17:14.0765 2952 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll 11:17:14.0781 2952 BITS - ok 11:17:14.0796 2952 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll 11:17:14.0796 2952 Browser - ok 11:17:14.0812 2952 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 11:17:14.0812 2952 cbidf2k - ok 11:17:14.0812 2952 cd20xrnt - ok 11:17:14.0812 2952 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 11:17:14.0812 2952 Cdaudio - ok 11:17:14.0828 2952 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 11:17:14.0828 2952 Cdfs - ok 11:17:14.0828 2952 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 11:17:14.0828 2952 Cdrom - ok 11:17:14.0843 2952 Changer - ok 11:17:14.0859 2952 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe 11:17:14.0859 2952 CiSvc - ok 11:17:14.0859 2952 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 11:17:14.0859 2952 ClipSrv - ok 11:17:14.0875 2952 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:17:14.0921 2952 clr_optimization_v2.0.50727_32 - ok 11:17:14.0937 2952 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:17:14.0953 2952 clr_optimization_v4.0.30319_32 - ok 11:17:14.0953 2952 CmdIde - ok 11:17:14.0953 2952 COMSysApp - ok 11:17:14.0953 2952 Cpqarray - ok 11:17:14.0968 2952 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 11:17:14.0968 2952 CryptSvc - ok 11:17:14.0968 2952 dac2w2k - ok 11:17:14.0984 2952 dac960nt - ok 11:17:15.0000 2952 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 11:17:15.0000 2952 DcomLaunch - ok 11:17:15.0015 2952 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 11:17:15.0015 2952 Dhcp - ok 11:17:15.0031 2952 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 11:17:15.0031 2952 Disk - ok 11:17:15.0062 2952 [ A52E0EBF719F379EFD178C402B1AD7BB ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe 11:17:15.0078 2952 Diskeeper - ok 11:17:15.0078 2952 dmadmin - ok 11:17:15.0109 2952 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 11:17:15.0125 2952 dmboot - ok 11:17:15.0125 2952 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys 11:17:15.0125 2952 dmio - ok 11:17:15.0140 2952 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 11:17:15.0140 2952 dmload - ok 11:17:15.0140 2952 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll 11:17:15.0156 2952 dmserver - ok 11:17:15.0156 2952 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 11:17:15.0156 2952 DMusic - ok 11:17:15.0171 2952 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 11:17:15.0171 2952 Dnscache - ok 11:17:15.0187 2952 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 11:17:15.0187 2952 Dot3svc - ok 11:17:15.0187 2952 dpti2o - ok 11:17:15.0203 2952 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 11:17:15.0203 2952 drmkaud - ok 11:17:15.0218 2952 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll 11:17:15.0218 2952 EapHost - ok 11:17:15.0234 2952 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll 11:17:15.0234 2952 ERSvc - ok 11:17:15.0234 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe 11:17:15.0234 2952 Eventlog - ok 11:17:15.0250 2952 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll 11:17:15.0265 2952 EventSystem - ok 11:17:15.0265 2952 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 11:17:15.0265 2952 Fastfat - ok 11:17:15.0296 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 11:17:15.0296 2952 FastUserSwitchingCompatibility - ok 11:17:15.0312 2952 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys 11:17:15.0312 2952 Fdc - ok 11:17:15.0359 2952 [ 9200A69413D69AB86ADD9BC81960BE7B ] FileMonitor C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys 11:17:15.0359 2952 FileMonitor - ok 11:17:15.0375 2952 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 11:17:15.0375 2952 Fips - ok 11:17:15.0390 2952 Fix-It Task Manager - ok 11:17:15.0390 2952 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys 11:17:15.0390 2952 Flpydisk - ok 11:17:15.0406 2952 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 11:17:15.0421 2952 FltMgr - ok 11:17:15.0437 2952 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 11:17:15.0437 2952 FontCache3.0.0.0 - ok 11:17:15.0437 2952 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 11:17:15.0437 2952 Fs_Rec - ok 11:17:15.0453 2952 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 11:17:15.0453 2952 Ftdisk - ok 11:17:15.0453 2952 GMSIPCI - ok 11:17:15.0468 2952 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 11:17:15.0468 2952 Gpc - ok 11:17:15.0484 2952 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 11:17:15.0484 2952 HDAudBus - ok 11:17:15.0515 2952 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 11:17:15.0515 2952 helpsvc - ok 11:17:15.0531 2952 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll 11:17:15.0531 2952 HidServ - ok 11:17:15.0531 2952 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 11:17:15.0531 2952 hidusb - ok 11:17:15.0546 2952 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 11:17:15.0546 2952 hkmsvc - ok 11:17:15.0593 2952 [ C5F00D15AA15CB7F55A027FF75E44BB7 ] HP Port Resolver C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE 11:17:15.0593 2952 HP Port Resolver - ok 11:17:15.0609 2952 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE 11:17:15.0609 2952 HP Status Server - ok 11:17:15.0609 2952 hpn - ok 11:17:15.0625 2952 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 11:17:15.0625 2952 HPZid412 - ok 11:17:15.0640 2952 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 11:17:15.0640 2952 HPZipr12 - ok 11:17:15.0640 2952 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 11:17:15.0640 2952 HPZius12 - ok 11:17:15.0656 2952 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 11:17:15.0656 2952 HTTP - ok 11:17:15.0671 2952 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 11:17:15.0671 2952 HTTPFilter - ok 11:17:15.0671 2952 i2omgmt - ok 11:17:15.0671 2952 i2omp - ok 11:17:15.0671 2952 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 11:17:15.0671 2952 i8042prt - ok 11:17:15.0718 2952 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 11:17:15.0718 2952 IDriverT - ok 11:17:15.0734 2952 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 11:17:15.0750 2952 idsvc - ok 11:17:15.0765 2952 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 11:17:15.0765 2952 Imapi - ok 11:17:15.0796 2952 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe 11:17:15.0812 2952 ImapiService - ok 11:17:15.0875 2952 [ 8AE99EBE30E8338907361018D9030835 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe 11:17:15.0875 2952 IMFservice - ok 11:17:15.0890 2952 ini910u - ok 11:17:16.0000 2952 [ 976BFBACF0099565B14810D4840CFC6F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 11:17:16.0015 2952 IntcAzAudAddService - ok 11:17:16.0015 2952 IntelIde - ok 11:17:16.0031 2952 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 11:17:16.0031 2952 intelppm - ok 11:17:16.0046 2952 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys 11:17:16.0046 2952 Ip6Fw - ok 11:17:16.0062 2952 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 11:17:16.0062 2952 IpFilterDriver - ok 11:17:16.0078 2952 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 11:17:16.0093 2952 IpInIp - ok 11:17:16.0109 2952 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 11:17:16.0109 2952 IpNat - ok 11:17:16.0109 2952 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 11:17:16.0109 2952 IPSec - ok 11:17:16.0125 2952 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 11:17:16.0125 2952 IRENUM - ok 11:17:16.0140 2952 [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir C:\WINDOWS\system32\DRIVERS\irsir.sys 11:17:16.0140 2952 irsir - ok 11:17:16.0156 2952 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 11:17:16.0156 2952 isapnp - ok 11:17:16.0203 2952 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe 11:17:16.0203 2952 JavaQuickStarterService - ok 11:17:16.0218 2952 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 11:17:16.0218 2952 Kbdclass - ok 11:17:16.0218 2952 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 11:17:16.0218 2952 kbdhid - ok 11:17:16.0218 2952 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 11:17:16.0218 2952 kmixer - ok 11:17:16.0234 2952 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 11:17:16.0234 2952 KSecDD - ok 11:17:16.0250 2952 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll 11:17:16.0250 2952 lanmanserver - ok 11:17:16.0265 2952 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 11:17:16.0265 2952 lanmanworkstation - ok 11:17:16.0265 2952 lbrtfdc - ok 11:17:16.0265 2952 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 11:17:16.0281 2952 LmHosts - ok 11:17:16.0281 2952 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll 11:17:16.0281 2952 Messenger - ok 11:17:16.0296 2952 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 11:17:16.0296 2952 mnmdd - ok 11:17:16.0328 2952 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 11:17:16.0328 2952 mnmsrvc - ok 11:17:16.0343 2952 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 11:17:16.0343 2952 Modem - ok 11:17:16.0359 2952 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 11:17:16.0359 2952 Mouclass - ok 11:17:16.0390 2952 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 11:17:16.0390 2952 mouhid - ok 11:17:16.0390 2952 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 11:17:16.0390 2952 MountMgr - ok 11:17:16.0406 2952 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 11:17:16.0406 2952 MozillaMaintenance - ok 11:17:16.0406 2952 mraid35x - ok 11:17:16.0421 2952 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 11:17:16.0421 2952 MRxDAV - ok 11:17:16.0468 2952 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 11:17:16.0468 2952 MRxSmb - ok 11:17:16.0484 2952 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe 11:17:16.0484 2952 MSDTC - ok 11:17:16.0500 2952 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 11:17:16.0500 2952 Msfs - ok 11:17:16.0500 2952 MSICPL - ok 11:17:16.0500 2952 MSIServer - ok 11:17:16.0515 2952 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 11:17:16.0515 2952 MSKSSRV - ok 11:17:16.0531 2952 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 11:17:16.0531 2952 MSPCLOCK - ok 11:17:16.0546 2952 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 11:17:16.0546 2952 MSPQM - ok 11:17:16.0562 2952 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 11:17:16.0562 2952 mssmbios - ok 11:17:16.0578 2952 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys 11:17:16.0578 2952 MTsensor - ok 11:17:16.0593 2952 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 11:17:16.0593 2952 Mup - ok 11:17:16.0625 2952 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll 11:17:16.0640 2952 napagent - ok 11:17:16.0703 2952 [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe 11:17:16.0734 2952 NBService - ok 11:17:16.0765 2952 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 11:17:16.0781 2952 NDIS - ok 11:17:16.0796 2952 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 11:17:16.0796 2952 NdisTapi - ok 11:17:16.0796 2952 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 11:17:16.0796 2952 Ndisuio - ok 11:17:16.0812 2952 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 11:17:16.0828 2952 NdisWan - ok 11:17:16.0828 2952 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 11:17:16.0828 2952 NDProxy - ok 11:17:16.0843 2952 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 11:17:16.0843 2952 NetBIOS - ok 11:17:16.0859 2952 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 11:17:16.0859 2952 NetBT - ok 11:17:16.0875 2952 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe 11:17:16.0890 2952 NetDDE - ok 11:17:16.0890 2952 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 11:17:16.0890 2952 NetDDEdsdm - ok 11:17:16.0906 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe 11:17:16.0906 2952 Netlogon - ok 11:17:16.0921 2952 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll 11:17:16.0921 2952 Netman - ok 11:17:16.0937 2952 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:17:16.0937 2952 NetTcpPortSharing - ok 11:17:16.0953 2952 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll 11:17:16.0953 2952 Nla - ok 11:17:17.0015 2952 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 11:17:17.0031 2952 NMIndexingService - ok 11:17:17.0046 2952 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\npf.sys 11:17:17.0062 2952 NPF - ok 11:17:17.0062 2952 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 11:17:17.0062 2952 Npfs - ok 11:17:17.0062 2952 NTACCESS - ok 11:17:17.0093 2952 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 11:17:17.0125 2952 Ntfs - ok 11:17:17.0125 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 11:17:17.0125 2952 NtLmSsp - ok 11:17:17.0140 2952 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 11:17:17.0156 2952 NtmsSvc - ok 11:17:17.0156 2952 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 11:17:17.0156 2952 Null - ok 11:17:17.0421 2952 [ ED9816DBAF6689542EA7D022631906A1 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 11:17:17.0453 2952 nv - ok 11:17:17.0484 2952 [ A2322C6207EBB0761A6C8CC9003EBACF ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 11:17:17.0484 2952 NVSvc - ok 11:17:17.0500 2952 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 11:17:17.0515 2952 NwlnkFlt - ok 11:17:17.0531 2952 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 11:17:17.0531 2952 NwlnkFwd - ok 11:17:17.0593 2952 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 11:17:17.0593 2952 odserv - ok 11:17:17.0625 2952 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:17:17.0625 2952 ose - ok 11:17:17.0640 2952 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys 11:17:17.0640 2952 Parport - ok 11:17:17.0656 2952 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 11:17:17.0656 2952 PartMgr - ok 11:17:17.0671 2952 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 11:17:17.0671 2952 ParVdm - ok 11:17:17.0671 2952 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 11:17:17.0671 2952 PCI - ok 11:17:17.0671 2952 PCIDump - ok 11:17:17.0687 2952 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 11:17:17.0687 2952 PCIIde - ok 11:17:17.0703 2952 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 11:17:17.0718 2952 Pcmcia - ok 11:17:17.0718 2952 PDCOMP - ok 11:17:17.0718 2952 PDFRAME - ok 11:17:17.0718 2952 PDRELI - ok 11:17:17.0718 2952 PDRFRAME - ok 11:17:17.0718 2952 perc2 - ok 11:17:17.0718 2952 perc2hib - ok 11:17:17.0734 2952 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe 11:17:17.0734 2952 PLFlash DeviceIoControl Service - ok 11:17:17.0750 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe 11:17:17.0750 2952 PlugPlay - ok 11:17:17.0765 2952 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe 11:17:17.0765 2952 Pml Driver HPZ12 - ok 11:17:17.0765 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 11:17:17.0765 2952 PolicyAgent - ok 11:17:17.0781 2952 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 11:17:17.0781 2952 PptpMiniport - ok 11:17:17.0781 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 11:17:17.0781 2952 ProtectedStorage - ok 11:17:17.0781 2952 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 11:17:17.0781 2952 PSched - ok 11:17:17.0796 2952 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 11:17:17.0796 2952 Ptilink - ok 11:17:17.0796 2952 ql1080 - ok 11:17:17.0796 2952 Ql10wnt - ok 11:17:17.0796 2952 ql12160 - ok 11:17:17.0796 2952 ql1240 - ok 11:17:17.0796 2952 ql1280 - ok 11:17:17.0812 2952 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 11:17:17.0812 2952 RasAcd - ok 11:17:17.0843 2952 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll 11:17:17.0843 2952 RasAuto - ok 11:17:17.0859 2952 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys 11:17:17.0875 2952 Rasirda - ok 11:17:17.0875 2952 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 11:17:17.0875 2952 Rasl2tp - ok 11:17:17.0890 2952 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll 11:17:17.0890 2952 RasMan - ok 11:17:17.0890 2952 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 11:17:17.0890 2952 RasPppoe - ok 11:17:17.0906 2952 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 11:17:17.0906 2952 Raspti - ok 11:17:17.0937 2952 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 11:17:17.0937 2952 Rdbss - ok 11:17:17.0953 2952 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 11:17:17.0953 2952 RDPCDD - ok 11:17:17.0968 2952 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys 11:17:17.0968 2952 rdpdr - ok 11:17:17.0984 2952 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 11:17:17.0984 2952 RDPWD - ok 11:17:18.0000 2952 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 11:17:18.0000 2952 RDSessMgr - ok 11:17:18.0015 2952 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 11:17:18.0015 2952 redbook - ok 11:17:18.0015 2952 [ D03FA5EC6B855FEE1EE16C5B0C0BA42C ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys 11:17:18.0015 2952 RegFilter - ok 11:17:18.0031 2952 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 11:17:18.0031 2952 RemoteAccess - ok 11:17:18.0046 2952 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 11:17:18.0046 2952 RemoteRegistry - ok 11:17:18.0062 2952 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe 11:17:18.0062 2952 rpcapd - ok 11:17:18.0078 2952 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe 11:17:18.0078 2952 RpcLocator - ok 11:17:18.0093 2952 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll 11:17:18.0093 2952 RpcSs - ok 11:17:18.0109 2952 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe 11:17:18.0109 2952 RSVP - ok 11:17:18.0125 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe 11:17:18.0125 2952 SamSs - ok 11:17:18.0125 2952 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 11:17:18.0140 2952 SCardSvr - ok 11:17:18.0156 2952 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll 11:17:18.0156 2952 Schedule - ok 11:17:18.0250 2952 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe 11:17:18.0250 2952 SDScannerService - ok 11:17:18.0843 2952 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe 11:17:18.0875 2952 SDUpdateService - ok 11:17:18.0906 2952 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe 11:17:18.0921 2952 SDWSCService - ok 11:17:19.0187 2952 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 11:17:19.0203 2952 Secdrv - ok 11:17:19.0218 2952 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll 11:17:19.0218 2952 seclogon - ok 11:17:19.0312 2952 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll 11:17:19.0312 2952 SENS - ok 11:17:19.0421 2952 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 11:17:19.0421 2952 serenum - ok 11:17:19.0468 2952 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 11:17:19.0484 2952 Serial - ok 11:17:19.0484 2952 SetupNTGLM7X - ok 11:17:19.0500 2952 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 11:17:19.0500 2952 Sfloppy - ok 11:17:19.0703 2952 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 11:17:19.0703 2952 SharedAccess - ok 11:17:19.0750 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 11:17:19.0750 2952 ShellHWDetection - ok 11:17:19.0750 2952 Simbad - ok 11:17:19.0765 2952 Sparrow - ok 11:17:19.0781 2952 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 11:17:19.0781 2952 splitter - ok 11:17:19.0796 2952 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 11:17:19.0812 2952 Spooler - ok 11:17:19.0843 2952 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 11:17:19.0843 2952 sr - ok 11:17:19.0875 2952 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll 11:17:19.0875 2952 srservice - ok 11:17:19.0906 2952 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 11:17:19.0906 2952 Srv - ok 11:17:19.0921 2952 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 11:17:19.0921 2952 SSDPSRV - ok 11:17:19.0968 2952 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll 11:17:19.0984 2952 stisvc - ok 11:17:20.0000 2952 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 11:17:20.0000 2952 swenum - ok 11:17:20.0015 2952 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 11:17:20.0015 2952 swmidi - ok 11:17:20.0015 2952 SwPrv - ok 11:17:20.0015 2952 symc810 - ok 11:17:20.0031 2952 symc8xx - ok 11:17:20.0031 2952 sym_hi - ok 11:17:20.0031 2952 sym_u3 - ok 11:17:20.0031 2952 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 11:17:20.0031 2952 sysaudio - ok 11:17:20.0046 2952 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 11:17:20.0046 2952 SysmonLog - ok 11:17:20.0062 2952 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 11:17:20.0078 2952 TapiSrv - ok 11:17:20.0109 2952 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 11:17:20.0109 2952 Tcpip - ok 11:17:20.0125 2952 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 11:17:20.0140 2952 TDPIPE - ok 11:17:20.0156 2952 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 11:17:20.0156 2952 TDTCP - ok 11:17:20.0171 2952 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 11:17:20.0171 2952 TermDD - ok 11:17:20.0218 2952 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll 11:17:20.0234 2952 TermService - ok 11:17:20.0234 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll 11:17:20.0234 2952 Themes - ok 11:17:20.0250 2952 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 11:17:20.0250 2952 TlntSvr - ok 11:17:20.0281 2952 [ D0B08F941C0B06846533C6A38DD09B22 ] tmactmon C:\WINDOWS\system32\DRIVERS\tmactmon.sys 11:17:20.0281 2952 tmactmon - ok 11:17:20.0421 2952 [ 0C9ACEF23B537D6E8B1373C98D066B1C ] tmcomm C:\WINDOWS\system32\DRIVERS\tmcomm.sys 11:17:20.0421 2952 tmcomm - ok 11:17:20.0437 2952 [ 21992E703051934DCFA6D1477B12FC41 ] TMEBC C:\WINDOWS\system32\DRIVERS\TMEBC32.sys 11:17:20.0437 2952 TMEBC - ok 11:17:20.0453 2952 [ 7AC66D3A5BA87C6CD16B457A3786DF64 ] tmeext C:\WINDOWS\system32\DRIVERS\tmeext.sys 11:17:20.0453 2952 tmeext - ok 11:17:20.0468 2952 [ 63828FBD740F178DE2E2D42C3136FDEE ] tmevtmgr C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys 11:17:20.0468 2952 tmevtmgr - ok 11:17:20.0468 2952 [ 0C40396F071A8092964C8DC951F62B17 ] tmnciesc C:\WINDOWS\system32\DRIVERS\tmnciesc.sys 11:17:20.0484 2952 tmnciesc - ok 11:17:20.0500 2952 [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys 11:17:20.0500 2952 tmtdi - ok 11:17:20.0500 2952 TosIde - ok 11:17:20.0515 2952 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll 11:17:20.0515 2952 TrkWks - ok 11:17:20.0671 2952 [ 118EDC3E712FF83CE25612081A69075D ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe 11:17:20.0687 2952 TuneUp.UtilitiesSvc - ok 11:17:20.0687 2952 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys 11:17:20.0703 2952 TuneUpUtilitiesDrv - ok 11:17:20.0718 2952 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 11:17:20.0718 2952 Udfs - ok 11:17:20.0718 2952 ultra - ok 11:17:20.0828 2952 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 11:17:20.0828 2952 Update - ok 11:17:20.0859 2952 [ 3F9A3232E5F942874488981F3242C989 ] UPHClean C:\Program Files\UPHClean\uphclean.exe 11:17:20.0859 2952 UPHClean - ok 11:17:20.0875 2952 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll 11:17:20.0875 2952 upnphost - ok 11:17:20.0890 2952 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe 11:17:20.0906 2952 UPS - ok 11:17:20.0921 2952 [ CB41CD653916362CA5ECD242382A156E ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys 11:17:20.0921 2952 UrlFilter - ok 11:17:20.0937 2952 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 11:17:20.0937 2952 usbccgp - ok 11:17:20.0953 2952 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 11:17:20.0953 2952 usbehci - ok 11:17:20.0968 2952 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 11:17:20.0968 2952 usbhub - ok 11:17:20.0984 2952 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 11:17:20.0984 2952 usbprint - ok 11:17:21.0000 2952 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 11:17:21.0000 2952 USBSTOR - ok 11:17:21.0015 2952 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 11:17:21.0015 2952 usbuhci - ok 11:17:21.0046 2952 [ 24F51FBA322F06A3E336C301025D6D12 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll 11:17:21.0046 2952 UxTuneUp - ok 11:17:21.0062 2952 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 11:17:21.0062 2952 VgaSave - ok 11:17:21.0062 2952 ViaIde - ok 11:17:21.0093 2952 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 11:17:21.0109 2952 VolSnap - ok 11:17:21.0218 2952 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe 11:17:21.0234 2952 VSS - ok 11:17:21.0359 2952 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe 11:17:21.0359 2952 vToolbarUpdater13.2.0 - ok 11:17:21.0437 2952 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll 11:17:21.0437 2952 W32Time - ok 11:17:21.0453 2952 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 11:17:21.0453 2952 Wanarp - ok 11:17:21.0453 2952 WDICA - ok 11:17:21.0484 2952 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 11:17:21.0484 2952 wdmaud - ok 11:17:21.0515 2952 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll 11:17:21.0515 2952 WebClient - ok 11:17:21.0562 2952 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 11:17:21.0562 2952 winmgmt - ok 11:17:21.0593 2952 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll 11:17:21.0609 2952 WinRM - ok 11:17:21.0625 2952 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll 11:17:21.0640 2952 WmdmPmSN - ok 11:17:21.0687 2952 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll 11:17:21.0687 2952 Wmi - ok 11:17:21.0703 2952 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 11:17:21.0718 2952 WmiApSrv - ok 11:17:21.0765 2952 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 11:17:21.0796 2952 WMPNetworkSvc - ok 11:17:21.0859 2952 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 11:17:21.0875 2952 WPFFontCache_v0400 - ok 11:17:21.0921 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys 11:17:21.0921 2952 WsAudio_DeviceS(1) - ok 11:17:21.0937 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys 11:17:21.0937 2952 WsAudio_DeviceS(2) - ok 11:17:21.0953 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys 11:17:21.0953 2952 WsAudio_DeviceS(3) - ok 11:17:21.0968 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys 11:17:21.0984 2952 WsAudio_DeviceS(4) - ok 11:17:22.0000 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys 11:17:22.0000 2952 WsAudio_DeviceS(5) - ok 11:17:22.0015 2952 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 11:17:22.0031 2952 wscsvc - ok 11:17:22.0046 2952 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll 11:17:22.0046 2952 wuauserv - ok 11:17:22.0062 2952 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 11:17:22.0062 2952 WudfPf - ok 11:17:22.0062 2952 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 11:17:22.0062 2952 WudfRd - ok 11:17:22.0078 2952 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 11:17:22.0109 2952 WudfSvc - ok 11:17:22.0187 2952 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 11:17:22.0187 2952 WZCSVC - ok 11:17:22.0203 2952 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 11:17:22.0218 2952 xmlprov - ok 11:17:22.0218 2952 ================ Scan global =============================== 11:17:22.0234 2952 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 11:17:22.0250 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 11:17:22.0265 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 11:17:22.0281 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe 11:17:22.0281 2952 [Global] - ok 11:17:22.0281 2952 ================ Scan MBR ================================== 11:17:22.0296 2952 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0 11:17:22.0781 2952 \Device\Harddisk0\DR0 - ok 11:17:22.0796 2952 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1 11:17:23.0015 2952 \Device\Harddisk1\DR1 - ok 11:17:23.0015 2952 ================ Scan VBR ================================== 11:17:23.0015 2952 [ C593EAFFA0EC925B070596C4D76C0F8A ] \Device\Harddisk0\DR0\Partition1 11:17:23.0015 2952 \Device\Harddisk0\DR0\Partition1 - ok 11:17:23.0015 2952 [ C86D8448686A33EF77E5B847E8C484A9 ] \Device\Harddisk1\DR1\Partition1 11:17:23.0015 2952 \Device\Harddisk1\DR1\Partition1 - ok 11:17:23.0015 2952 ================ Scan active images ======================== 11:17:23.0015 2952 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys 11:17:23.0015 2952 C:\WINDOWS\system32\drivers\intelppm.sys - ok 11:17:23.0015 2952 [ ED9816DBAF6689542EA7D022631906A1 ] C:\WINDOWS\system32\drivers\nv4_mini.sys 11:17:23.0015 2952 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok 11:17:23.0031 2952 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\videoprt.sys - ok 11:17:23.0031 2952 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbport.sys - ok 11:17:23.0031 2952 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbuhci.sys - ok 11:17:23.0031 2952 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbehci.sys - ok 11:17:23.0031 2952 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok 11:17:23.0031 2952 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\cdrom.sys - ok 11:17:23.0031 2952 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\ks.sys - ok 11:17:23.0031 2952 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\imapi.sys - ok 11:17:23.0031 2952 [ F43673D97B9DF66999C3DFA6E538EF5B ] C:\WINDOWS\system32\drivers\l151x86.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\l151x86.sys - ok 11:17:23.0031 2952 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\redbook.sys - ok 11:17:23.0031 2952 [ D48659BB24C48345D926ECB45C1EBDF5 ] C:\WINDOWS\system32\drivers\ASACPI.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\ASACPI.sys - ok 11:17:23.0031 2952 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\fdc.sys - ok 11:17:23.0031 2952 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys 11:17:23.0031 2952 C:\WINDOWS\system32\drivers\i8042prt.sys - ok 11:17:23.0046 2952 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys 11:17:23.0046 2952 C:\WINDOWS\system32\drivers\serenum.sys - ok 11:17:23.0046 2952 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys 11:17:23.0046 2952 C:\WINDOWS\system32\drivers\serial.sys - ok 11:17:23.0046 2952 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys 11:17:23.0046 2952 C:\WINDOWS\system32\drivers\audstub.sys - ok 11:17:23.0046 2952 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys 11:17:23.0046 2952 C:\WINDOWS\system32\drivers\kbdclass.sys - ok 11:17:23.0046 2952 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys 11:17:23.0046 2952 C:\WINDOWS\system32\drivers\ndistapi.sys - ok 11:17:23.0046 2952 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys 11:17:23.0046 2952 C:\WINDOWS\system32\drivers\ndiswan.sys - ok 11:17:23.0046 2952 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys 11:17:23.0046 2952 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok 11:17:23.0046 2952 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys 11:17:23.0046 2952 C:\WINDOWS\system32\drivers\raspppoe.sys - ok 11:17:23.0046 2952 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys 11:17:23.0046 2952 C:\WINDOWS\system32\drivers\msgpc.sys - ok 11:17:23.0046 2952 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys 11:17:23.0046 2952 C:\WINDOWS\system32\drivers\psched.sys - ok 11:17:23.0046 2952 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys 11:17:23.0046 2952 C:\WINDOWS\system32\drivers\raspptp.sys - ok 11:17:23.0062 2952 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\tdi.sys - ok 11:17:23.0062 2952 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\ptilink.sys - ok 11:17:23.0062 2952 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\raspti.sys - ok 11:17:23.0062 2952 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\rdpdr.sys - ok 11:17:23.0062 2952 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\mouclass.sys - ok 11:17:23.0062 2952 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\swenum.sys - ok 11:17:23.0062 2952 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\termdd.sys - ok 11:17:23.0062 2952 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\update.sys - ok 11:17:23.0062 2952 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\mssmbios.sys - ok 11:17:23.0062 2952 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\ndproxy.sys - ok 11:17:23.0062 2952 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\usbd.sys - ok 11:17:23.0062 2952 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys 11:17:23.0062 2952 C:\WINDOWS\system32\drivers\usbhub.sys - ok 11:17:23.0078 2952 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\drmk.sys - ok 11:17:23.0078 2952 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\portcls.sys - ok 11:17:23.0078 2952 [ 976BFBACF0099565B14810D4840CFC6F ] C:\WINDOWS\system32\drivers\RtkHDAud.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok 11:17:23.0078 2952 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\flpydisk.sys - ok 11:17:23.0078 2952 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] C:\WINDOWS\system32\drivers\avgtpx86.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\avgtpx86.sys - ok 11:17:23.0078 2952 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\beep.sys - ok 11:17:23.0078 2952 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\cdaudio.sys - ok 11:17:23.0078 2952 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\fs_rec.sys - ok 11:17:23.0078 2952 [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\hidparse.sys - ok 11:17:23.0078 2952 [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\kbdhid.sys - ok 11:17:23.0078 2952 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\null.sys - ok 11:17:23.0078 2952 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys 11:17:23.0078 2952 C:\WINDOWS\system32\drivers\sfloppy.sys - ok 11:17:23.0093 2952 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys 11:17:23.0093 2952 C:\WINDOWS\system32\drivers\vga.sys - ok 11:17:23.0093 2952 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys 11:17:23.0093 2952 C:\WINDOWS\system32\drivers\mnmdd.sys - ok 11:17:23.0093 2952 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys 11:17:23.0093 2952 C:\WINDOWS\system32\drivers\msfs.sys - ok 11:17:23.0093 2952 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys 11:17:23.0093 2952 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok 11:17:23.0093 2952 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys 11:17:23.0093 2952 C:\WINDOWS\system32\drivers\ipsec.sys - ok 11:17:23.0093 2952 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys 11:17:23.0093 2952 C:\WINDOWS\system32\drivers\netbt.sys - ok 11:17:23.0093 2952 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys 11:17:23.0093 2952 C:\WINDOWS\system32\drivers\npfs.sys - ok 11:17:23.0093 2952 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys 11:17:23.0093 2952 C:\WINDOWS\system32\drivers\rasacd.sys - ok 11:17:23.0093 2952 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys 11:17:23.0093 2952 C:\WINDOWS\system32\drivers\tcpip.sys - ok 11:17:23.0093 2952 [ 7AC66D3A5BA87C6CD16B457A3786DF64 ] C:\WINDOWS\system32\drivers\tmeext.sys 11:17:23.0093 2952 C:\WINDOWS\system32\drivers\tmeext.sys - ok 11:17:23.0093 2952 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys 11:17:23.0093 2952 C:\WINDOWS\system32\drivers\afd.sys - ok 11:17:23.0109 2952 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys 11:17:23.0109 2952 C:\WINDOWS\system32\drivers\ipnat.sys - ok 11:17:23.0109 2952 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys 11:17:23.0109 2952 C:\WINDOWS\system32\drivers\netbios.sys - ok 11:17:23.0109 2952 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys 11:17:23.0109 2952 C:\WINDOWS\system32\drivers\wanarp.sys - ok 11:17:23.0109 2952 [ 0C9ACEF23B537D6E8B1373C98D066B1C ] C:\WINDOWS\system32\drivers\tmcomm.sys 11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmcomm.sys - ok 11:17:23.0109 2952 [ 63828FBD740F178DE2E2D42C3136FDEE ] C:\WINDOWS\system32\drivers\tmevtmgr.sys 11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmevtmgr.sys - ok 11:17:23.0109 2952 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys 11:17:23.0109 2952 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok 11:17:23.0109 2952 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys 11:17:23.0109 2952 C:\WINDOWS\system32\drivers\rdbss.sys - ok 11:17:23.0109 2952 [ D0B08F941C0B06846533C6A38DD09B22 ] C:\WINDOWS\system32\drivers\tmactmon.sys 11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmactmon.sys - ok 11:17:23.0109 2952 [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] C:\WINDOWS\system32\drivers\tmtdi.sys 11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmtdi.sys - ok 11:17:23.0109 2952 [ 663F2FB92608073824EE3106886120F3 ] C:\WINDOWS\system32\drivers\AsIO.sys 11:17:23.0109 2952 C:\WINDOWS\system32\drivers\AsIO.sys - ok 11:17:23.0109 2952 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys 11:17:23.0109 2952 C:\WINDOWS\system32\drivers\fips.sys - ok 11:17:23.0109 2952 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe 11:17:23.0109 2952 C:\WINDOWS\system32\smss.exe - ok 11:17:23.0109 2952 [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll 11:17:23.0109 2952 C:\WINDOWS\system32\ntdll.dll - ok 11:17:23.0125 2952 [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll 11:17:23.0125 2952 C:\WINDOWS\system32\sfcfiles.dll - ok 11:17:23.0125 2952 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys 11:17:23.0125 2952 C:\WINDOWS\system32\drivers\cdfs.sys - ok 11:17:23.0125 2952 [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys 11:17:23.0125 2952 C:\WINDOWS\system32\drivers\usbccgp.sys - ok 11:17:23.0125 2952 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys 11:17:23.0125 2952 C:\WINDOWS\system32\drivers\hidclass.sys - ok 11:17:23.0125 2952 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys 11:17:23.0125 2952 C:\WINDOWS\system32\drivers\hidusb.sys - ok 11:17:23.0125 2952 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys 11:17:23.0125 2952 C:\WINDOWS\system32\drivers\mouhid.sys - ok 11:17:23.0125 2952 [ ABCB05CCDBF03000354B9553820E39F8 ] C:\WINDOWS\system32\drivers\HPZius12.sys 11:17:23.0125 2952 C:\WINDOWS\system32\drivers\HPZius12.sys - ok 11:17:23.0125 2952 [ A717C8721046828520C9EDF31288FC00 ] C:\WINDOWS\system32\drivers\usbprint.sys 11:17:23.0125 2952 C:\WINDOWS\system32\drivers\usbprint.sys - ok 11:17:23.0125 2952 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] C:\WINDOWS\system32\drivers\HPZid412.sys 11:17:23.0125 2952 C:\WINDOWS\system32\drivers\HPZid412.sys - ok 11:17:23.0140 2952 [ 89F41658929393487B6B7D13C8528CE3 ] C:\WINDOWS\system32\drivers\HPZipr12.sys 11:17:23.0140 2952 C:\WINDOWS\system32\drivers\HPZipr12.sys - ok 11:17:23.0140 2952 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys 11:17:23.0140 2952 C:\WINDOWS\system32\drivers\dxapi.sys - ok 11:17:23.0140 2952 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys 11:17:23.0140 2952 C:\WINDOWS\system32\watchdog.sys - ok 11:17:23.0140 2952 [ F984CAE54E536681B209F7816D8F68DA ] C:\WINDOWS\system32\win32k.sys 11:17:23.0140 2952 C:\WINDOWS\system32\win32k.sys - ok 11:17:23.0140 2952 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll 11:17:23.0140 2952 C:\WINDOWS\system32\basesrv.dll - ok 11:17:23.0140 2952 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll 11:17:23.0140 2952 C:\WINDOWS\system32\csrsrv.dll - ok 11:17:23.0140 2952 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe 11:17:23.0140 2952 C:\WINDOWS\system32\csrss.exe - ok 11:17:23.0140 2952 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll 11:17:23.0140 2952 C:\WINDOWS\system32\gdi32.dll - ok 11:17:23.0140 2952 [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll 11:17:23.0140 2952 C:\WINDOWS\system32\kernel32.dll - ok 11:17:23.0140 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll 11:17:23.0140 2952 C:\WINDOWS\system32\winsrv.dll - ok 11:17:23.0140 2952 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll 11:17:23.0140 2952 C:\WINDOWS\system32\user32.dll - ok 11:17:23.0140 2952 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys 11:17:23.0140 2952 C:\WINDOWS\system32\drivers\dxg.sys - ok 11:17:23.0156 2952 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys 11:17:23.0156 2952 C:\WINDOWS\system32\drivers\dxgthk.sys - ok 11:17:23.0156 2952 [ 2C9A151701878E18563447EB2C2B0516 ] C:\WINDOWS\system32\nv4_disp.dll 11:17:23.0156 2952 C:\WINDOWS\system32\nv4_disp.dll - ok 11:17:23.0156 2952 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll 11:17:23.0156 2952 C:\WINDOWS\system32\vga.dll - ok 11:17:23.0156 2952 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe 11:17:23.0156 2952 C:\WINDOWS\system32\winlogon.exe - ok 11:17:23.0156 2952 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll 11:17:23.0156 2952 C:\WINDOWS\system32\advapi32.dll - ok 11:17:23.0156 2952 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll 11:17:23.0156 2952 C:\WINDOWS\system32\rpcrt4.dll - ok 11:17:23.0156 2952 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll 11:17:23.0156 2952 C:\WINDOWS\system32\authz.dll - ok 11:17:23.0156 2952 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll 11:17:23.0156 2952 C:\WINDOWS\system32\secur32.dll - ok 11:17:23.0156 2952 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll 11:17:23.0156 2952 C:\WINDOWS\system32\crypt32.dll - ok 11:17:23.0156 2952 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll 11:17:23.0156 2952 C:\WINDOWS\system32\msvcrt.dll - ok 11:17:23.0156 2952 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll 11:17:23.0156 2952 C:\WINDOWS\system32\msasn1.dll - ok 11:17:23.0156 2952 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll 11:17:23.0156 2952 C:\WINDOWS\system32\nddeapi.dll - ok 11:17:23.0171 2952 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll 11:17:23.0171 2952 C:\WINDOWS\system32\profmap.dll - ok 11:17:23.0171 2952 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll 11:17:23.0171 2952 C:\WINDOWS\system32\netapi32.dll - ok 11:17:23.0171 2952 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll 11:17:23.0171 2952 C:\WINDOWS\system32\userenv.dll - ok 11:17:23.0171 2952 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll 11:17:23.0171 2952 C:\WINDOWS\system32\psapi.dll - ok 11:17:23.0171 2952 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll 11:17:23.0171 2952 C:\WINDOWS\system32\regapi.dll - ok 11:17:23.0171 2952 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll 11:17:23.0171 2952 C:\WINDOWS\system32\setupapi.dll - ok 11:17:23.0171 2952 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll 11:17:23.0171 2952 C:\WINDOWS\system32\version.dll - ok

11:14:31.0609 2668 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 11:14:32.0140 2668 ============================================================ 11:14:32.0140 2668 Current date / time: 2013/01/09 11:14:32.0140 11:14:32.0140 2668 SystemInfo: 11:14:32.0140 2668 11:14:32.0140 2668 OS Version: 5.1.2600 ServicePack: 3.0 11:14:32.0140 2668 Product type: Workstation 11:14:32.0140 2668 ComputerName: HOME 11:14:32.0140 2668 UserName: NEIL'S 11:14:32.0140 2668 Windows directory: C:\WINDOWS 11:14:32.0140 2668 System windows directory: C:\WINDOWS 11:14:32.0140 2668 Processor architecture: Intel x86 11:14:32.0140 2668 Number of processors: 2 11:14:32.0140 2668 Page size: 0x1000 11:14:32.0140 2668 Boot type: Normal boot 11:14:32.0140 2668 ============================================================ 11:14:33.0250 2668 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 11:14:33.0265 2668 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054 11:14:33.0406 2668 ============================================================ 11:14:33.0406 2668 \Device\Harddisk0\DR0: 11:14:33.0406 2668 MBR partitions: 11:14:33.0406 2668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E41 11:14:33.0406 2668 \Device\Harddisk1\DR1: 11:14:33.0406 2668 MBR partitions: 11:14:33.0406 2668 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682 11:14:33.0406 2668 ============================================================ 11:14:33.0421 2668 C: <-> \Device\Harddisk0\DR0\Partition1 11:14:33.0437 2668 F: <-> \Device\Harddisk1\DR1\Partition1 11:14:33.0437 2668 ============================================================ 11:14:33.0437 2668 Initialize success 11:14:33.0437 2668 ============================================================ 11:14:59.0171 3464 Deinitialize success

Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 586051137 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 300069052416 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)... Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff8a6a0ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8a67eb70, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8a6a0ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8a6fa778, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8a691d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xffffffffe3083338, 0xffffffff8a6a0ab8, 0xffffffff893a9ab8 Lower DeviceData: 0xffffffffe106ad00, 0xffffffff8a691d98, 0xffffffff898cf398 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 625137282 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1) Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1) Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1) Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1) Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1) Done! Scan finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_26 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 3.172000 GHz Memory total: 3488657408, free: 3046379520

Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 586051137 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 300069052416 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)... Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff8a27dab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8a280bc8, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8a27dab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8a327710, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8a309d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xffffffffe1ddf5c0, 0xffffffff8a27dab8, 0xffffffff89c4c7e8 Lower DeviceData: 0xffffffffe1f903c8, 0xffffffff8a309d98, 0xffffffff89cacbb8 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 625137282 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1) Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1) Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1) Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1) Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1) Done! Scan finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_26 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 3.172000 GHz Memory total: 3488657408, free: 2740338688 ------------ Kernel report ------------ 01/07/2013 10:48:17 ------------ Loaded modules ----------- \WINDOWS\system32\ntkrnlpa.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll TMEBC32.sys ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys sr.sys KSecDD.sys Ntfs.sys NDIS.sys Mup.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\nv4_mini.sys \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\l151x86.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\audstub.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\RtkHDAud.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \??\C:\WINDOWS\system32\drivers\avgtpx86.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\Drivers\mnmdd.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\tmeext.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\tmcomm.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\tmevtmgr.sys \SystemRoot\system32\DRIVERS\tmactmon.sys \SystemRoot\system32\DRIVERS\tmtdi.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\Drivers\Fips.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\drivers\AsIO.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\HPZius12.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\HPZid412.sys \SystemRoot\system32\DRIVERS\HPZipr12.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\nv4_disp.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\drivers\wdmaud.sys \SystemRoot\system32\drivers\sysaudio.sys \SystemRoot\system32\DRIVERS\srv.sys \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys \SystemRoot\System32\Drivers\HTTP.sys \SystemRoot\system32\DRIVERS\tmnciesc.sys \SystemRoot\system32\drivers\kmixer.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff8a6a0ab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\ Lower Device Object: 0xffffffff8a691d98 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8a6a0030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\ Lower Device Object: 0xffffffff8a6a1940 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Downloaded database version: v2013.01.06.02 Downloaded database version: v2013.01.06.03 Downloaded database version: v2013.01.06.04 Downloaded database version: v2013.01.06.05 Downloaded database version: v2013.01.06.06 Downloaded database version: v2013.01.06.07 Downloaded database version: v2013.01.06.08 Downloaded database version: v2013.01.07.01 Downloaded database version: v2013.01.07.02 Downloaded database version: v2013.01.07.03 Downloaded database version: v2013.01.07.04 Downloaded database version: v2013.01.07.05 Downloaded database version: v2013.01.07.06 Downloaded database version: v2013.01.07.07 Initializing... Done! <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8a6a0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8a6a4b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8a6a0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8a6a39e8, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8a6a1940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xffffffffe1191248, 0xffffffff8a6a0030, 0xffffffff8947d040 Lower DeviceData: 0xffffffffe329a140, 0xffffffff8a6a1940, 0xffffffff8a44b040 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\WINDOWS\system32\drivers... Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 292EDB50

Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_26 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 3.172000 GHz Memory total: 3488657408, free: 3053436928 DDA driver is not installed Downloaded database version: v2012.12.31.02 Initializing... Done! The system volume seems inaccessible or encrypted. Scan can't continue. ======================================= Could not remove DDA driver --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 System is currently in a safe mode Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_26 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 3.172000 GHz Memory total: 3488657408, free: 2830536704 DDA Driver installation error. Driver installed on boot. Reboot required. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 System is currently in a safe mode Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_26 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 3.172000 GHz Memory total: 3488657408, free: 3174916096 ------------ Kernel report ------------ 01/05/2013 19:21:09 ------------ Loaded modules ----------- \WINDOWS\system32\ntoskrnl.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll TMEBC32.sys ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys sr.sys KSecDD.sys Ntfs.sys NDIS.sys Mup.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\l151x86.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \??\C:\WINDOWS\system32\drivers\avgtpx86.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\HPZius12.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\framebuf.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\System32\Drivers\Fastfat.SYS \SystemRoot\system32\DRIVERS\srv.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff8a27dab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\ Lower Device Object: 0xffffffff8a309d98 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8a30cab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\ Lower Device Object: 0xffffffff8a309940 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Downloaded database version: v2013.01.06.01 Downloaded database version: v2013.01.04.01 Initializing... Done! <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8a30cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8a2d7b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8a30cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8a31f9e8, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8a309940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xffffffffe1eb07f8, 0xffffffff8a30cab8, 0xffffffff89c34850 Lower DeviceData: 0xffffffffe1fb5468, 0xffffffff8a309940, 0xffffffff89c6e040 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\WINDOWS\system32\drivers... Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 292EDB50

Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_26 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 3.172000 GHz Memory total: 3488657408, free: 2882523136 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 System is currently in a safe mode Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_26 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 3.172000 GHz Memory total: 3488657408, free: 3039903744 DDA Driver installation error. Driver installed on boot. Reboot required. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 System is currently in a safe mode Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_26 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 3.172000 GHz Memory total: 3488657408, free: 3173933056 ------------ Kernel report ------------ 12/30/2012 19:56:49 ------------ Loaded modules ----------- \WINDOWS\system32\ntoskrnl.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll TMEBC32.sys ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys sr.sys KSecDD.sys Ntfs.sys NDIS.sys Mup.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\l151x86.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \??\C:\WINDOWS\system32\drivers\avgtpx86.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\HPZius12.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\framebuf.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\srv.sys \SystemRoot\System32\Drivers\Fastfat.SYS \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff8a2d1870 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\ Lower Device Object: 0xffffffff8a2cdd98 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8a2c2ab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\ Lower Device Object: 0xffffffff8a306940 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Downloaded database version: v2012.12.31.01 Downloaded database version: v2012.12.27.02 Initializing... Done! <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8a2c2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8a3193a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8a2c2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8a2c9930, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8a306940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xffffffffe1b52a88, 0xffffffff8a2c2ab8, 0xffffffff89c79608 Lower DeviceData: 0xffffffffe1a8b428, 0xffffffff8a306940, 0xffffffff89c60d10 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\WINDOWS\system32\drivers... Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 292EDB50 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 586051137 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 300069052416 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)... Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff8a2d1870, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8a30ce08, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8a2d1870, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8a313720, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8a2cdd98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xffffffffe1f169e0, 0xffffffff8a2d1870, 0xffffffff89c606f8 Lower DeviceData: 0xffffffffe1bb6cd0, 0xffffffff8a2cdd98, 0xffffffff89c6c5b8 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 625137282 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a.fb" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a__exp__1324075202" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0.fb" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0__exp__1324075014" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d.fb" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d__exp__1324075014" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1) Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1) Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1) Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1) Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1) Done! Scan finished =======================================

Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 System is currently in a safe mode Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_26 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 3.172000 GHz Memory total: 3488657408, free: 3172704256 Could not load protection driver ------------ Kernel report ------------ 12/28/2012 23:46:12 ------------ Loaded modules ----------- \WINDOWS\system32\ntoskrnl.exe \WINDOWS\system32\hal.dll \WINDOWS\system32\KDCOM.DLL \WINDOWS\system32\BOOTVID.dll TMEBC32.sys ACPI.sys \WINDOWS\system32\DRIVERS\WMILIB.SYS pci.sys isapnp.sys pciide.sys \WINDOWS\system32\DRIVERS\PCIIDEX.SYS MountMgr.sys ftdisk.sys dmload.sys dmio.sys PartMgr.sys VolSnap.sys atapi.sys disk.sys \WINDOWS\system32\DRIVERS\CLASSPNP.SYS fltmgr.sys sr.sys KSecDD.sys Ntfs.sys NDIS.sys Mup.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\redbook.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\imapi.sys \SystemRoot\system32\DRIVERS\l151x86.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\DRIVERS\psched.sys \SystemRoot\system32\DRIVERS\msgpc.sys \SystemRoot\system32\DRIVERS\ptilink.sys \SystemRoot\system32\DRIVERS\raspti.sys \SystemRoot\system32\DRIVERS\rdpdr.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\update.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\Fs_Rec.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \??\C:\WINDOWS\system32\drivers\avgtpx86.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\rasacd.sys \SystemRoot\system32\DRIVERS\ipsec.sys \SystemRoot\system32\DRIVERS\tcpip.sys \SystemRoot\system32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\ipnat.sys \SystemRoot\System32\drivers\afd.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\Cdfs.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\usbprint.sys \SystemRoot\system32\DRIVERS\HPZius12.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\watchdog.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\drivers\dxgthk.sys \SystemRoot\System32\framebuf.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\System32\Drivers\Fastfat.SYS \SystemRoot\system32\DRIVERS\srv.sys \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys \WINDOWS\system32\ntdll.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk2\DR4 Upper Device Object: 0xffffffff89e3b030 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000090\ Lower Device Object: 0xffffffff89e40be8 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xffffffff8a28eab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\ Lower Device Object: 0xffffffff8a380d98 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xffffffff8a30aab8 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\ Lower Device Object: 0xffffffff8a2f2940 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Downloaded database version: v2012.12.29.05 Downloaded database version: v2012.12.27.02 Initializing... Done! <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffffff8a30aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8a2993a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8a30aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8a37d9e8, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8a2f2940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xffffffffe1dc6c08, 0xffffffff8a30aab8, 0xffffffff89c296c0 Lower DeviceData: 0xffffffffe1af7920, 0xffffffff8a2f2940, 0xffffffff89cd7660 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\WINDOWS\system32\drivers... Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 292EDB50 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 586051137 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 300069052416 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)... Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff8a28eab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff8a309bc8, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff8a28eab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff8a3197a0, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\ DevicePointer: 0xffffffff8a380d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xffffffffe1bdf7a0, 0xffffffff8a28eab8, 0xffffffff89c2c550 Lower DeviceData: 0xffffffffe1d90700, 0xffffffff8a380d98, 0xffffffff89c59a08 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 625137282 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Physical Sector Size: 512 Drive: 2, DevicePointer: 0xffffffff89e3b030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff89e3be08, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff89e3b030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff89e40be8, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Upper DeviceData: 0xffffffffe1ed06d8, 0xffffffff89e3b030, 0xffffffff89c4eab8 Lower DeviceData: 0xffffffffe1fdec30, 0xffffffff89e40be8, 0xffffffff89c4e658 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: E423E423 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 128 Numsec = 7855872 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 4022337024 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a.fb" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a__exp__1324075202" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0.fb" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0__exp__1324075014" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d.fb" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d__exp__1324075014" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1) Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1) Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1) Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1) Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1) Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1) Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1) Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1) Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1) Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1) Done! Scan finished =======================================

the system-log.txt is too long to post here.

Malwarebytes Anti-Rootkit 1.01.0.1011 www.malwarebytes.org Database version: v2013.01.07.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 NEIL'S :: HOME [administrator] 1/7/2013 10:54:45 AM mbar-log-2013-01-07 (10-54-45).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 26397 Time elapsed: 6 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

Malwarebytes Anti-Rootkit 1.01.0.1011 www.malwarebytes.org Database version: v2012.12.29.05 Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking) Internet Explorer 8.0.6001.18702 NEIL'S :: HOME [administrator] 12/28/2012 11:50:34 PM mbar-log-2012-12-28 (23-50-34).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 26348 Time elapsed: 4 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

thankyou for your help. I ran mbar, here are the logs.system-log.txtmbar-log-2013-01-07 (10-54-45).txt

my google homepage is being redirected to either a false yahoo site, facebook, or a blank page. I ran malware bytes and found trojans. the problem went away for a day and came back. I tried system restore and it came back again. I'm also getting runtime error 216 at 5003a116 when closing IE. please help. dds.txt attach.txt