Posts posted by steveopevo
-
Update was successful. I always felt good about using registry cleaners as if it would significantly improve performance. In the past I've had problems with Fixit utilities doing exactly what you're saying. Thank you for the advice.
-
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Java 6 Update 26
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader XI
Mozilla Firefox (18.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
IObit IObit Malware Fighter IMFsrv.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro AMSP AMSP_LogServer.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````
-
I just reset default settings on IE and it's working fine now. Firefox works fine. Before, when I reset IE settings, nothing changed, so I'm guessing after your help the virus was deleted. Thank you very much for your help, I can't tell you how much I appreciate you guys at Malwarebytes. Do you think anything else needs to be done?
-
IE still hangs depending on the website I go to. Do you think some settings got messed up or maybe IE needs to be reinstalled?
-
C:\System Volume Information\_restore{03F4B5B1-16D4-46FC-BCF1-B2EB3976FE79}\RP27\A0077545.exe Win32/NoAdware application
C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP33\A0019357.exe a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP35\A0023468.exe a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP36\A0031168.exe a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP37\A0036511.exe a variant of Win32/Toolbar.Widgi application
C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP38\A0041855.exe a variant of Win32/Toolbar.Widgi application
C:\Utility\asc-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Utility\noadware\noadwarefullv4.exe Win32/NoAdware application
F:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application
F:\Utility\noadware\noadwarefullv4.exe Win32/NoAdware application
-
Status: Deleted (events: 3)
1/11/2013 9:01:35 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\NEIL'S\Application Data\Sun\Java\Deployment\cache\6.0\29\2f44825d-2098a00f High
1/11/2013 9:01:35 PM Deleted Trojan program Trojan.Win32.Midhos.adpm C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP43\A0046134.exe High
1/11/2013 9:01:42 PM Deleted Trojan program Trojan.Win32.Midhos.adpm C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP43\A0046135.exe High
-
The first time I ran AdwCleaner it didn't generate a report, so I ran it a second time and it did. I downloaded Firefox a few days ago and so far it has not been hijacked. IE isn't being redirected anymore but is having trouble loading certain webpages and is very slow.
# AdwCleaner v2.105 - Logfile created 01/10/2013 at 15:55:29
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : NEIL'S - HOME
# Boot Mode : Normal
# Running from : C:\Documents and Settings\NEIL'S\My Documents\Downloads\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\3rnry6zm.default\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\y5uszhj3.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R2].txt - [6057 octets] - [09/01/2013 17:05:45]
AdwCleaner[s2].txt - [1044 octets] - [10/01/2013 15:55:29]
########## EOF - C:\AdwCleaner[s2].txt - [1104 octets] ##########
-
# AdwCleaner v2.105 - Logfile created 01/09/2013 at 17:05:45
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : NEIL'S - HOME
# Boot Mode : Normal
# Running from : C:\Documents and Settings\NEIL'S\My Documents\Downloads\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium
Folder Found : C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\NEIL'S\Application Data\imeshbandmltbpi
Folder Found : C:\Documents and Settings\NEIL'S\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Conduit
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKU\S-1-5-21-2025429265-1417001333-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2025429265-1417001333-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\3rnry6zm.default\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\y5uszhj3.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [12563 octets] - [31/12/2012 12:17:12]
AdwCleaner[R2].txt - [5868 octets] - [09/01/2013 17:05:45]
AdwCleaner[s1].txt - [6452 octets] - [31/12/2012 12:17:54]
########## EOF - C:\AdwCleaner[R2].txt - [5988 octets] ##########
-
ComboFix 13-01-08.01 - NEIL'S 01/09/2013 16:54:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2690 [GMT -7:00]
Running from: c:\documents and settings\NEIL'S\My Documents\Downloads\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\NEIL'S\My Documents\wpabaln.exe
C:\prefs.js
c:\windows\system32\Cache
c:\windows\system32\Cache\262643b75c37f5ca.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\48d67d4b09e3cbf2.fb
c:\windows\system32\Cache\52956e87180d8fe0.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\63ef0dbca4051940.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\68ad56a4659b4a48.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c9edfb3dbcb25b7e.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e8bcb6954ecca995.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\service
c:\windows\system32\service\02072011_TIS17_SfFniAU.log
c:\windows\system32\service\04012011_TIS17_SfFniAU.log
c:\windows\system32\service\04122009_TIS17_SfFniAU.log
c:\windows\system32\service\05012011_TIS17_SfFniAU.log
c:\windows\system32\service\07042011_TIS17_SfFniAU.log
c:\windows\system32\service\10102010_TIS17_SfFniAU.log
c:\windows\system32\service\11102010_TIS17_SfFniAU.log
c:\windows\system32\service\12012010_TIS17_SfFniAU.log
c:\windows\system32\service\13012011_TIS17_SfFniAU.log
c:\windows\system32\service\13022010_TIS17_SfFniAU.log
c:\windows\system32\service\13032010_TIS17_SfFniAU.log
c:\windows\system32\service\14032011_TIS17_SfFniAU.log
c:\windows\system32\service\16052009_TIS17_SfFniAU.log
c:\windows\system32\service\17102010_TIS17_SfFniAU.log
c:\windows\system32\service\18032011_TIS17_SfFniAU.log
c:\windows\system32\service\19122009_TIS17_SfFniAU.log
c:\windows\system32\service\20012011_TIS17_SfFniAU.log
c:\windows\system32\service\20022010_TIS17_SfFniAU.log
c:\windows\system32\service\20032011_TIS17_SfFniAU.log
c:\windows\system32\service\22062009_TIS17_SfFniAU.log
c:\windows\system32\service\24052011_TIS17_SfFniAU.log
c:\windows\system32\service\24072009_TIS17_SfFniAU.log
c:\windows\system32\service\26022011_TIS17_SfFniAU.log
c:\windows\system32\service\26032011_TIS17_SfFniAU.log
c:\windows\system32\service\26102010_TIS17_SfFniAU.log
c:\windows\system32\service\27032011_TIS17_SfFniAU.log
c:\windows\system32\service\27112009_TIS17_SfFniAU.log
c:\windows\system32\service\30102010_TIS17_SfFniAU.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-03 00:02 . 2013-01-03 00:02 181808 ----a-w- c:\windows\RegBootClean.exe
2013-01-01 06:40 . 2013-01-01 06:40 -------- d-----w- c:\program files\WinPcap
2013-01-01 05:20 . 2013-01-01 05:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ErrorEND
2012-12-31 19:46 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-31 19:36 . 2012-12-31 19:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro
2012-12-31 19:23 . 2012-12-31 19:23 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-29 19:25 . 2012-12-29 19:30 -------- d-----w- c:\documents and settings\NEIL'S\Application Data\FixCleaner
2012-12-29 19:25 . 2012-12-29 19:40 -------- d-----w- c:\program files\FixCleaner
2012-12-29 18:53 . 2012-12-29 18:53 -------- d-----w- c:\program files\do not track
2012-12-29 18:51 . 2012-12-29 18:54 -------- d-----w- c:\program files\emsisoft
2012-12-29 06:41 . 2012-12-29 06:41 138864 ----a-w- c:\windows\system32\drivers\06413029.sys
2012-12-29 06:33 . 2012-12-29 06:37 -------- d-----w- c:\program files\mbar-anti rootkit
2012-12-29 05:30 . 2013-01-02 23:45 -------- d-----w- c:\documents and settings\NEIL'S\Local Settings\Application Data\DoNotTrackPlus
2012-12-29 05:30 . 2012-12-29 05:30 -------- d-----w- c:\program files\DoNotTrackPlus
2012-12-29 05:25 . 2009-01-25 19:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-12-29 05:20 . 2012-12-29 05:20 -------- d-----w- C:\TMRescueDisk
2012-12-29 05:13 . 2012-07-11 08:35 90808 ----a-w- c:\windows\system32\drivers\tmeext.sys
2012-12-29 05:13 . 2012-07-06 03:33 171064 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-12-29 05:13 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-12-29 05:13 . 2012-07-12 10:30 94200 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-12-29 05:13 . 2012-07-12 10:29 75624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-12-29 05:13 . 2012-07-12 10:29 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-12-29 05:13 . 2012-08-24 13:06 38328 ----a-w- c:\windows\system32\drivers\TMEBC32.sys
2012-12-29 05:12 . 2012-12-29 05:12 59 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-12-29 04:36 . 2012-12-29 04:36 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Trend Micro
2012-12-29 01:09 . 2012-12-29 01:09 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2012-12-26 08:20 . 2012-12-26 08:20 -------- d-sh--w- c:\documents and settings\Default User.WINDOWS\IETldCache
2012-12-26 07:58 . 2012-12-29 04:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2012-12-26 07:58 . 2012-12-29 05:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-26 06:12 . 2012-12-26 06:12 -------- d-----w- c:\documents and settings\NEIL'S\Local Settings\Application Data\Mozilla
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 23:32 . 2012-05-10 05:11 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:32 . 2011-07-30 17:06 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2007-07-27 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2007-07-27 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 01:03 . 2012-11-09 01:03 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-06 02:01 . 2009-08-20 00:07 1371648 ------w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2007-07-27 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-13 02:09 . 2012-12-02 04:41 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-11-29 08:27 . 2013-01-08 02:37 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
.
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-12-31 19:25 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-12-31 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-13 160592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-12-31 997320]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-25 928096]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 15:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Fix-It Task Manager"=2 (0x2)
"TuneUp.UtilitiesSvc"=2 (0x2)
"NBService"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [12/28/2012 10:13 PM 38328]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [11/8/2012 6:03 PM 26984]
R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [12/28/2012 10:13 PM 90808]
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/28/2012 10:13 PM 75624]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/9/2012 3:43 PM 464256]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [11/9/2012 3:49 PM 821592]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [12/28/2012 10:25 PM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [12/28/2012 10:25 PM 1369624]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/8/2011 9:34 AM 1527104]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 6:03 PM 711112]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [4/6/2009 6:40 AM 37376]
R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [12/28/2012 10:13 PM 171064]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 1:34 PM 10064]
S1 A2DDA;A2 Direct Disk Access Support Driver; [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [12/28/2012 10:12 PM 221264]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [12/28/2012 10:25 PM 168384]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [11/9/2012 3:49 PM 246816]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [11/9/2012 3:49 PM 30408]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [11/9/2012 3:49 PM 16248]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [8/21/2011 2:28 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [8/21/2011 2:28 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [8/21/2011 2:28 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [8/21/2011 2:28 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [8/21/2011 2:28 PM 25704]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 23:32]
.
2013-01-09 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-12-29 21:08]
.
2012-12-29 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-29 21:07]
.
2012-12-29 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-12-29 21:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-12-28 22:12; {22181a4d-af90-4ca3-a569-faed9118d6bc}; c:\program files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF - ExtSQL: 2012-12-31 12:25; tmbepff-7.5@trendmicro.com; c:\program files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\firefoxextension
FF - ExtSQL: 2012-12-31 12:25; avg@toolbar; c:\documents and settings\All Users.WINDOWS\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5
FF - ExtSQL: 2013-01-07 19:29; {22C7F6C6-8D67-4534-92B5-529A0EC09405}; c:\program files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF - ExtSQL: 2013-01-08 15:58; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-22288891.sys
MSConfigStartUp-ctfmon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 16:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-01-09 16:57:33
ComboFix-quarantined-files.txt 2013-01-09 23:57
.
Pre-Run: 234,116,800,512 bytes free
Post-Run: 234,471,432,192 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=4
.
- - End Of File - - D1EBCC530B4143FC54994BB513057BE8
11:17:23.0203 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
11:17:23.0203 2952 C:\WINDOWS\system32\lsass.exe - ok
11:17:23.0203 2952 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
11:17:23.0203 2952 C:\WINDOWS\system32\ncobjapi.dll - ok
11:17:23.0203 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:17:23.0203 2952 C:\WINDOWS\system32\services.exe - ok
11:17:23.0203 2952 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
11:17:23.0203 2952 C:\WINDOWS\system32\msvcp60.dll - ok
11:17:23.0203 2952 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
11:17:23.0203 2952 C:\WINDOWS\system32\mpr.dll - ok
11:17:23.0203 2952 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
11:17:23.0203 2952 C:\WINDOWS\system32\scesrv.dll - ok
11:17:23.0203 2952 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
11:17:23.0203 2952 C:\WINDOWS\system32\ntdsapi.dll - ok
11:17:23.0218 2952 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
11:17:23.0218 2952 C:\WINDOWS\system32\umpnpmgr.dll - ok
11:17:23.0218 2952 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
11:17:23.0218 2952 C:\WINDOWS\system32\dnsapi.dll - ok
11:17:23.0218 2952 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
11:17:23.0218 2952 C:\WINDOWS\system32\shimeng.dll - ok
11:17:23.0218 2952 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
11:17:23.0218 2952 C:\WINDOWS\system32\wldap32.dll - ok
11:17:23.0218 2952 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
11:17:23.0218 2952 C:\WINDOWS\AppPatch\acadproc.dll - ok
11:17:23.0218 2952 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
11:17:23.0218 2952 C:\WINDOWS\system32\samlib.dll - ok
11:17:23.0218 2952 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
11:17:23.0218 2952 C:\WINDOWS\system32\samsrv.dll - ok
11:17:23.0218 2952 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
11:17:23.0218 2952 C:\WINDOWS\system32\cryptdll.dll - ok
11:17:23.0218 2952 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
11:17:23.0218 2952 C:\WINDOWS\AppPatch\acgenral.dll - ok
11:17:23.0218 2952 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll
11:17:23.0218 2952 C:\WINDOWS\system32\oleaut32.dll - ok
11:17:23.0218 2952 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
11:17:23.0218 2952 C:\WINDOWS\system32\winmm.dll - ok
11:17:23.0218 2952 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
11:17:23.0218 2952 C:\WINDOWS\system32\msacm32.dll - ok
11:17:23.0234 2952 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
11:17:23.0234 2952 C:\WINDOWS\system32\uxtheme.dll - ok
11:17:23.0234 2952 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
11:17:23.0234 2952 C:\WINDOWS\system32\msapsspc.dll - ok
11:17:23.0234 2952 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
11:17:23.0234 2952 C:\WINDOWS\system32\msvcrt40.dll - ok
11:17:23.0234 2952 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
11:17:23.0234 2952 C:\WINDOWS\system32\schannel.dll - ok
11:17:23.0234 2952 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
11:17:23.0234 2952 C:\WINDOWS\system32\digest.dll - ok
11:17:23.0234 2952 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
11:17:23.0234 2952 C:\WINDOWS\system32\msnsspc.dll - ok
11:17:23.0234 2952 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
11:17:23.0234 2952 C:\WINDOWS\system32\kerberos.dll - ok
11:17:23.0234 2952 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime
11:17:23.0234 2952 C:\WINDOWS\system32\msctfime.ime - ok
11:17:23.0234 2952 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
11:17:23.0234 2952 C:\WINDOWS\system32\msprivs.dll - ok
11:17:23.0234 2952 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
11:17:23.0234 2952 C:\WINDOWS\system32\msv1_0.dll - ok
11:17:23.0234 2952 [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll
11:17:23.0234 2952 C:\WINDOWS\system32\atmfd.dll - ok
11:17:23.0234 2952 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
11:17:23.0234 2952 C:\WINDOWS\system32\iphlpapi.dll - ok
11:17:23.0250 2952 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
11:17:23.0250 2952 C:\WINDOWS\system32\netlogon.dll - ok
11:17:23.0250 2952 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
11:17:23.0250 2952 C:\WINDOWS\system32\w32time.dll - ok
11:17:23.0250 2952 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
11:17:23.0250 2952 C:\WINDOWS\system32\wdigest.dll - ok
11:17:23.0250 2952 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
11:17:23.0250 2952 C:\WINDOWS\system32\rsaenh.dll - ok
11:17:23.0250 2952 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
11:17:23.0250 2952 C:\WINDOWS\system32\winscard.dll - ok
11:17:23.0250 2952 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
11:17:23.0250 2952 C:\WINDOWS\system32\wtsapi32.dll - ok
11:17:23.0250 2952 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
11:17:23.0250 2952 C:\WINDOWS\system32\scecli.dll - ok
11:17:23.0250 2952 [ 993F7B0BA5188A0007C085AA10257B8E ] C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
11:17:23.0250 2952 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe - ok
11:17:23.0250 2952 [ 26AA77FC855DC49E3FFD98BFB38904BE ] C:\Program Files\IObit\Advanced SystemCare 6\rtl120.bpl
11:17:23.0250 2952 C:\Program Files\IObit\Advanced SystemCare 6\rtl120.bpl - ok
11:17:23.0250 2952 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
11:17:23.0250 2952 C:\WINDOWS\system32\oleacc.dll - ok
11:17:23.0250 2952 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
11:17:23.0250 2952 C:\WINDOWS\system32\wsock32.dll - ok
11:17:23.0265 2952 [ B10E3287B7CB1060CD70B51B079A354D ] C:\Program Files\IObit\Advanced SystemCare 6\vcl120.bpl
11:17:23.0265 2952 C:\Program Files\IObit\Advanced SystemCare 6\vcl120.bpl - ok
11:17:23.0265 2952 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
11:17:23.0265 2952 C:\WINDOWS\system32\msimg32.dll - ok
11:17:23.0265 2952 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
11:17:23.0265 2952 C:\WINDOWS\system32\winspool.drv - ok
11:17:23.0265 2952 [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
11:17:23.0265 2952 C:\WINDOWS\system32\oledlg.dll - ok
11:17:23.0265 2952 [ A2322C6207EBB0761A6C8CC9003EBACF ] C:\WINDOWS\system32\nvsvc32.exe
11:17:23.0265 2952 C:\WINDOWS\system32\nvsvc32.exe - ok
11:17:23.0265 2952 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
11:17:23.0265 2952 C:\WINDOWS\system32\powrprof.dll - ok
11:17:23.0265 2952 [ 58A517026E5C8674A70B9B6650691EFE ] C:\WINDOWS\system32\nvcpl.dll
11:17:23.0265 2952 C:\WINDOWS\system32\nvcpl.dll - ok
11:17:23.0265 2952 [ 6A65DA7325CF33ACAA112DC2F70B0934 ] C:\WINDOWS\system32\nvapi.dll
11:17:23.0265 2952 C:\WINDOWS\system32\nvapi.dll - ok
11:17:23.0265 2952 [ 0AD786CEEFBD6D51B7D35788D83857B9 ] C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll
11:17:23.0265 2952 C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll - ok
11:17:23.0265 2952 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
11:17:23.0265 2952 C:\WINDOWS\system32\logonui.exe - ok
11:17:23.0281 2952 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
11:17:23.0281 2952 C:\WINDOWS\system32\duser.dll - ok
11:17:23.0281 2952 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
11:17:23.0281 2952 C:\WINDOWS\system32\clbcatq.dll - ok
11:17:23.0281 2952 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
11:17:23.0281 2952 C:\WINDOWS\system32\comres.dll - ok
11:17:23.0281 2952 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
11:17:23.0281 2952 C:\WINDOWS\system32\shgina.dll - ok
11:17:23.0281 2952 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
11:17:23.0281 2952 C:\WINDOWS\system32\svchost.exe - ok
11:17:23.0281 2952 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
11:17:23.0281 2952 C:\WINDOWS\system32\ntmarta.dll - ok
11:17:23.0281 2952 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
11:17:23.0281 2952 C:\WINDOWS\system32\rpcss.dll - ok
11:17:23.0281 2952 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
11:17:23.0281 2952 C:\WINDOWS\system32\xpsp2res.dll - ok
11:17:23.0281 2952 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
11:17:23.0281 2952 C:\WINDOWS\system32\eventlog.dll - ok
11:17:23.0281 2952 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
11:17:23.0281 2952 C:\WINDOWS\system32\mswsock.dll - ok
11:17:23.0296 2952 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
11:17:23.0296 2952 C:\WINDOWS\system32\hnetcfg.dll - ok
11:17:23.0296 2952 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
11:17:23.0296 2952 C:\WINDOWS\system32\winrnr.dll - ok
11:17:23.0296 2952 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
11:17:23.0296 2952 C:\WINDOWS\system32\wshtcpip.dll - ok
11:17:23.0296 2952 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
11:17:23.0296 2952 C:\WINDOWS\system32\rasadhlp.dll - ok
11:17:23.0296 2952 [ 24F51FBA322F06A3E336C301025D6D12 ] C:\WINDOWS\system32\uxtuneup.dll
11:17:23.0296 2952 C:\WINDOWS\system32\uxtuneup.dll - ok
11:17:23.0296 2952 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
11:17:23.0296 2952 C:\WINDOWS\system32\dbghelp.dll - ok
11:17:23.0296 2952 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
11:17:23.0296 2952 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
11:17:23.0296 2952 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
11:17:23.0296 2952 C:\WINDOWS\system32\dhcpcsvc.dll - ok
11:17:23.0296 2952 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
11:17:23.0296 2952 C:\WINDOWS\system32\cscdll.dll - ok
11:17:23.0296 2952 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
11:17:23.0296 2952 C:\WINDOWS\system32\dimsntfy.dll - ok
11:17:23.0296 2952 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
11:17:23.0296 2952 C:\WINDOWS\system32\dnsrslvr.dll - ok
11:17:23.0296 2952 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
11:17:23.0296 2952 C:\WINDOWS\system32\wzcsvc.dll - ok
11:17:23.0312 2952 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
11:17:23.0312 2952 C:\WINDOWS\system32\wlnotify.dll - ok
11:17:23.0312 2952 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
11:17:23.0312 2952 C:\WINDOWS\system32\rtutils.dll - ok
11:17:23.0312 2952 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
11:17:23.0312 2952 C:\WINDOWS\system32\wmi.dll - ok
11:17:23.0312 2952 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
11:17:23.0312 2952 C:\WINDOWS\system32\eapolqec.dll - ok
11:17:23.0312 2952 [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
11:17:23.0312 2952 C:\WINDOWS\system32\WgaLogon.dll - ok
11:17:23.0312 2952 [ 72F2CFC7653FB5ABB85789D28E26A643 ] C:\WINDOWS\system32\atl.dll
11:17:23.0312 2952 C:\WINDOWS\system32\atl.dll - ok
11:17:23.0312 2952 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
11:17:23.0312 2952 C:\WINDOWS\system32\qutil.dll - ok
11:17:23.0312 2952 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
11:17:23.0312 2952 C:\WINDOWS\system32\dot3api.dll - ok
11:17:23.0312 2952 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
11:17:23.0312 2952 C:\WINDOWS\system32\esent.dll - ok
11:17:23.0312 2952 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
11:17:23.0312 2952 C:\WINDOWS\system32\msxml3.dll - ok
11:17:23.0312 2952 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
11:17:23.0312 2952 C:\WINDOWS\system32\rastls.dll - ok
11:17:23.0312 2952 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
11:17:23.0312 2952 C:\WINDOWS\system32\cryptui.dll - ok
11:17:23.0328 2952 [ 9AD88EA663124336E88EB031F917CE20 ] C:\WINDOWS\system32\wininet.dll
11:17:23.0328 2952 C:\WINDOWS\system32\wininet.dll - ok
11:17:23.0328 2952 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
11:17:23.0328 2952 C:\WINDOWS\system32\normaliz.dll - ok
11:17:23.0328 2952 [ BCA608797A3E8EEC0094CD6D596D77D7 ] C:\WINDOWS\system32\urlmon.dll
11:17:23.0328 2952 C:\WINDOWS\system32\urlmon.dll - ok
11:17:23.0328 2952 [ 994B77915EA49A467CDA144806AE42D6 ] C:\WINDOWS\system32\iertutil.dll
11:17:23.0328 2952 C:\WINDOWS\system32\iertutil.dll - ok
11:17:23.0328 2952 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
11:17:23.0328 2952 C:\WINDOWS\system32\mprapi.dll - ok
11:17:23.0328 2952 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
11:17:23.0328 2952 C:\WINDOWS\system32\activeds.dll - ok
11:17:23.0328 2952 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
11:17:23.0328 2952 C:\WINDOWS\system32\adsldpc.dll - ok
11:17:23.0328 2952 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
11:17:23.0328 2952 C:\WINDOWS\system32\rasapi32.dll - ok
11:17:23.0328 2952 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
11:17:23.0328 2952 C:\WINDOWS\system32\rasman.dll - ok
11:17:23.0328 2952 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
11:17:23.0328 2952 C:\WINDOWS\system32\tapi32.dll - ok
11:17:23.0328 2952 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
11:17:23.0328 2952 C:\WINDOWS\system32\riched20.dll - ok
11:17:23.0328 2952 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
11:17:23.0328 2952 C:\WINDOWS\system32\raschap.dll - ok
11:17:23.0343 2952 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
11:17:23.0343 2952 C:\WINDOWS\system32\schedsvc.dll - ok
11:17:23.0343 2952 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
11:17:23.0343 2952 C:\WINDOWS\system32\msidle.dll - ok
11:17:23.0343 2952 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
11:17:23.0343 2952 C:\WINDOWS\system32\cscui.dll - ok
11:17:23.0343 2952 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
11:17:23.0343 2952 C:\WINDOWS\system32\spoolsv.exe - ok
11:17:23.0343 2952 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
11:17:23.0343 2952 C:\WINDOWS\system32\audiosrv.dll - ok
11:17:23.0343 2952 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
11:17:23.0343 2952 C:\WINDOWS\system32\dpcdll.dll - ok
11:17:23.0343 2952 [ 8AE99EBE30E8338907361018D9030835 ] C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe - ok
11:17:23.0343 2952 [ DD82EB68D97944B192C7803EB585B03C ] C:\Program Files\IObit\IObit Malware Fighter\rtl120.bpl
11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\rtl120.bpl - ok
11:17:23.0343 2952 [ 773EBD87010A6F644869A59D98792C9C ] C:\Program Files\IObit\IObit Malware Fighter\vcl120.bpl
11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\vcl120.bpl - ok
11:17:23.0343 2952 [ 8A73E259446AEADF64EA884F2BCE4E69 ] C:\Program Files\IObit\IObit Malware Fighter\datastate.dll
11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\datastate.dll - ok
11:17:23.0343 2952 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
11:17:23.0343 2952 C:\WINDOWS\system32\userinit.exe - ok
11:17:23.0359 2952 [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe
11:17:23.0359 2952 C:\WINDOWS\system32\WgaTray.exe - ok
11:17:23.0359 2952 [ 452DB84283EB2F043827AC95D62CE19C ] C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
11:17:23.0359 2952 C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe - ok
11:17:23.0359 2952 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
11:17:23.0359 2952 C:\WINDOWS\explorer.exe - ok
11:17:23.0359 2952 [ 4C867B62F6100C107A3A8F5E7A10461D ] C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl
11:17:23.0359 2952 C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl - ok
11:17:23.0359 2952 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
11:17:23.0359 2952 C:\WINDOWS\system32\browseui.dll - ok
11:17:23.0359 2952 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
11:17:23.0359 2952 C:\WINDOWS\system32\cryptnet.dll - ok
11:17:23.0359 2952 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
11:17:23.0359 2952 C:\WINDOWS\system32\sensapi.dll - ok
11:17:23.0359 2952 [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll
11:17:23.0359 2952 C:\WINDOWS\system32\shdocvw.dll - ok
11:17:23.0359 2952 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
11:17:23.0359 2952 C:\WINDOWS\system32\winhttp.dll - ok
11:17:23.0359 2952 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
11:17:23.0359 2952 C:\WINDOWS\system32\wkssvc.dll - ok
11:17:23.0359 2952 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
11:17:23.0359 2952 C:\WINDOWS\system32\shfolder.dll - ok
11:17:23.0359 2952 [ 3307A07B81206F354F0D4BEFEE922437 ] C:\WINDOWS\system32\LegitCheckControl.DLL
11:17:23.0359 2952 C:\WINDOWS\system32\LegitCheckControl.DLL - ok
11:17:23.0359 2952 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
11:17:23.0359 2952 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
11:17:23.0375 2952 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
11:17:23.0375 2952 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
11:17:23.0375 2952 [ D9AF104F7E21FA859EFA3C67E5522E88 ] C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl
11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl - ok
11:17:23.0375 2952 [ 9C2543A7AC524CAA63B26A16D4E3AD39 ] C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl - ok
11:17:23.0375 2952 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
11:17:23.0375 2952 C:\WINDOWS\system32\desk.cpl - ok
11:17:23.0375 2952 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
11:17:23.0375 2952 C:\WINDOWS\system32\themeui.dll - ok
11:17:23.0375 2952 [ AEB9DD47B76075B05E27874384544F39 ] C:\Program Files\Spybot - Search & Destroy 2\vclie150.bpl
11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vclie150.bpl - ok
11:17:23.0375 2952 [ 5422CB64444C33F029483552A8FACE37 ] C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl
11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl - ok
11:17:23.0375 2952 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
11:17:23.0375 2952 C:\WINDOWS\system32\actxprxy.dll - ok
11:17:23.0375 2952 [ FA27F4DF4015B22F04B5D18044A24322 ] C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl - ok
11:17:23.0375 2952 [ 0FDABB1FD68CBC557084E16B0EA2F731 ] C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl
11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl - ok
11:17:23.0375 2952 [ 105ED75F4CEE9E58152061520DAA4ABD ] C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl
11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl - ok
11:17:23.0375 2952 [ 86E99E1222E671408ED5E8618521AEEB ] C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl - ok
11:17:23.0390 2952 [ 9244E0240A1D150581C3BAA89D8AA154 ] C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl - ok
11:17:23.0390 2952 [ 4AA01BD5CC7DA9888AF33C5FAB5BF1DD ] C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl
11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl - ok
11:17:23.0390 2952 [ 8F220DCB4AA4B2A12ECE5B87C701170D ] C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl - ok
11:17:23.0390 2952 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
11:17:23.0390 2952 C:\WINDOWS\system32\cabinet.dll - ok
11:17:23.0390 2952 [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll
11:17:23.0390 2952 C:\WINDOWS\system32\olepro32.dll - ok
11:17:23.0390 2952 [ CA3B195D98BDBBB7D50C70372CF3005F ] C:\WINDOWS\system32\jsproxy.dll
11:17:23.0390 2952 C:\WINDOWS\system32\jsproxy.dll - ok
11:17:23.0390 2952 [ 22D71D1DB6FC789A1CE8AC6963580259 ] C:\WINDOWS\system32\hhctrl.ocx
11:17:23.0390 2952 C:\WINDOWS\system32\hhctrl.ocx - ok
11:17:23.0390 2952 [ 77A54BDFBAD4604E6131AE68E3CF76D6 ] C:\WINDOWS\system32\srclient.dll
11:17:23.0390 2952 C:\WINDOWS\system32\srclient.dll - ok
11:17:23.0390 2952 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
11:17:23.0390 2952 C:\WINDOWS\system32\wbem\framedyn.dll - ok
11:17:23.0390 2952 [ D21AB32F16E8DE67D45E5A383B5E52BA ] C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll
11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll - ok
11:17:23.0390 2952 [ B009D6171147BE129636A49C4178E487 ] C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll
11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll - ok
11:17:23.0406 2952 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
11:17:23.0406 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
11:17:23.0406 2952 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
11:17:23.0406 2952 C:\WINDOWS\system32\cmd.exe - ok
11:17:23.0406 2952 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
11:17:23.0406 2952 C:\WINDOWS\system32\mscms.dll - ok
11:17:23.0406 2952 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll
11:17:23.0406 2952 C:\WINDOWS\system32\localspl.dll - ok
11:17:23.0406 2952 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
11:17:23.0406 2952 C:\WINDOWS\system32\spoolss.dll - ok
11:17:23.0406 2952 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
11:17:23.0406 2952 C:\WINDOWS\system32\cnbjmon.dll - ok
11:17:23.0406 2952 [ 903C8C110131B8A71501514B61A17761 ] C:\WINDOWS\system32\ieframe.dll
11:17:23.0406 2952 C:\WINDOWS\system32\ieframe.dll - ok
11:17:23.0406 2952 [ 10F23AE633810BBE7FDA6999714BF166 ] C:\WINDOWS\system32\hpz3l43a.dll
11:17:23.0406 2952 C:\WINDOWS\system32\hpz3l43a.dll - ok
11:17:23.0406 2952 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll
11:17:23.0406 2952 C:\WINDOWS\system32\pjlmon.dll - ok
11:17:23.0406 2952 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll
11:17:23.0406 2952 C:\WINDOWS\system32\tcpmon.dll - ok
11:17:23.0406 2952 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll
11:17:23.0406 2952 C:\WINDOWS\system32\usbmon.dll - ok
11:17:23.0406 2952 [ EA1B063208E4AE322BDF3F2FA235CC9D ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll
11:17:23.0406 2952 C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll - ok
11:17:23.0406 2952 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll
11:17:23.0406 2952 C:\WINDOWS\system32\netrap.dll - ok
11:17:23.0421 2952 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll
11:17:23.0421 2952 C:\WINDOWS\system32\win32spl.dll - ok
11:17:23.0421 2952 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll
11:17:23.0421 2952 C:\WINDOWS\system32\inetpp.dll - ok
11:17:23.0421 2952 [ 6D07DF8A3B4E89B5BAC943B64F0B70D0 ] C:\WINDOWS\system32\icm32.dll
11:17:23.0421 2952 C:\WINDOWS\system32\icm32.dll - ok
11:17:23.0421 2952 [ A0E86BA4B3E56C1DC277BD7CCEC555DA ] C:\Program Files\Spybot - Search & Destroy 2\SDResources.dll
11:17:23.0421 2952 C:\Program Files\Spybot - Search & Destroy 2\SDResources.dll - ok
11:17:23.0421 2952 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
11:17:23.0421 2952 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
11:17:23.0421 2952 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
11:17:23.0421 2952 C:\WINDOWS\system32\wdmaud.drv - ok
11:17:23.0421 2952 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
11:17:23.0421 2952 C:\WINDOWS\system32\drivers\sysaudio.sys - ok
11:17:23.0421 2952 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
11:17:23.0421 2952 C:\WINDOWS\system32\drivers\splitter.sys - ok
11:17:23.0421 2952 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
11:17:23.0421 2952 C:\WINDOWS\system32\drivers\aec.sys - ok
11:17:23.0421 2952 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
11:17:23.0421 2952 C:\WINDOWS\system32\drivers\swmidi.sys - ok
11:17:23.0421 2952 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys
11:17:23.0421 2952 C:\WINDOWS\system32\drivers\dmusic.sys - ok
11:17:23.0437 2952 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
11:17:23.0437 2952 C:\WINDOWS\system32\drivers\kmixer.sys - ok
11:17:23.0437 2952 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
11:17:23.0437 2952 C:\WINDOWS\system32\drivers\drmkaud.sys - ok
11:17:23.0437 2952 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
11:17:23.0437 2952 C:\WINDOWS\system32\midimap.dll - ok
11:17:23.0437 2952 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
11:17:23.0437 2952 C:\WINDOWS\system32\msacm32.drv - ok
11:17:23.0437 2952 [ F52603B708438E39FF38475807A01CBC ] C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe - ok
11:17:23.0437 2952 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
11:17:23.0437 2952 C:\WINDOWS\system32\drivers\parport.sys - ok
11:17:23.0437 2952 [ 9E054D04721F4BA4ACB0C0D189C9B1CD ] C:\Program Files\Trend Micro\AMSP\utilGenericLoader.dll
11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\utilGenericLoader.dll - ok
11:17:23.0437 2952 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
11:17:23.0437 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok
11:17:23.0437 2952 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
11:17:23.0437 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok
11:17:23.0437 2952 [ CFBF24322AF177B3C3A81A862B4C3353 ] C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll
11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll - ok
11:17:23.0437 2952 [ 7AD47F1F78EB1AEC7D8F262878204DEC ] C:\Program Files\Trend Micro\AMSP\utilDebugLog.dll
11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\utilDebugLog.dll - ok
11:17:23.0703 2952 [ 9DA1F44786834B4961309BFD60F18248 ] C:\Program Files\Trend Micro\AMSP\module\10015\6.0.1056\6.0.1056\plugEngineWL.dll
11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10015\6.0.1056\6.0.1056\plugEngineWL.dll - ok
11:17:23.0703 2952 [ 11262E9F8455E5F30C69E917E0103E01 ] C:\Program Files\Trend Micro\AMSP\module\10013\2.5.1331\1.0.1069\plugEnginePeDif.dll
11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10013\2.5.1331\1.0.1069\plugEnginePeDif.dll - ok
11:17:23.0703 2952 [ 9EA2D216C448D570A12694743D1F3518 ] C:\Program Files\Trend Micro\AMSP\module\10014\1.6.1085\1.6.1085\plugEngineTmCDE.dll
11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10014\1.6.1085\1.6.1085\plugEngineTmCDE.dll - ok
11:17:23.0703 2952 [ 3FE418C9408EA5FC2B740B2CAABC71E1 ] C:\Program Files\Trend Micro\AMSP\module\40004\2.5.1331\plugUtilLowConfDB.dll
11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\40004\2.5.1331\plugUtilLowConfDB.dll - ok
11:17:23.0703 2952 [ DA4569BF80F3AEF8D09A7E01C2DD8FB8 ] C:\Program Files\Trend Micro\AMSP\module\30007\2.5.1371\2.5.1371\plugCensus.dll
11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\30007\2.5.1371\2.5.1371\plugCensus.dll - ok
11:17:23.0703 2952 [ 988A84A1E59647390044170E33D5337F ] C:\Program Files\Trend Micro\AMSP\module\10016\2.5.1331\2.0.1001\plugEngineSMV.dll
11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10016\2.5.1331\2.0.1001\plugEngineSMV.dll - ok
11:17:23.0703 2952 ============================================================
11:17:23.0703 2952 Scan finished
11:17:23.0703 2952 ============================================================
11:17:23.0703 2944 Detected object count: 0
11:17:23.0703 2944 Actual detected object count: 0
-
11:16:47.0031 3336 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:16:47.0781 3336 ============================================================
11:16:47.0781 3336 Current date / time: 2013/01/09 11:16:47.0781
11:16:47.0781 3336 SystemInfo:
11:16:47.0781 3336
11:16:47.0781 3336 OS Version: 5.1.2600 ServicePack: 3.0
11:16:47.0781 3336 Product type: Workstation
11:16:47.0781 3336 ComputerName: HOME
11:16:47.0781 3336 UserName: NEIL'S
11:16:47.0781 3336 Windows directory: C:\WINDOWS
11:16:47.0781 3336 System windows directory: C:\WINDOWS
11:16:47.0781 3336 Processor architecture: Intel x86
11:16:47.0781 3336 Number of processors: 2
11:16:47.0781 3336 Page size: 0x1000
11:16:47.0781 3336 Boot type: Normal boot
11:16:47.0781 3336 ============================================================
11:16:48.0890 3336 BG loaded
11:16:49.0218 3336 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:16:49.0218 3336 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:16:49.0234 3336 ============================================================
11:16:49.0234 3336 \Device\Harddisk0\DR0:
11:16:49.0234 3336 MBR partitions:
11:16:49.0234 3336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E41
11:16:49.0234 3336 \Device\Harddisk1\DR1:
11:16:49.0234 3336 MBR partitions:
11:16:49.0234 3336 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
11:16:49.0234 3336 ============================================================
11:16:49.0281 3336 C: <-> \Device\Harddisk0\DR0\Partition1
11:16:49.0296 3336 F: <-> \Device\Harddisk1\DR1\Partition1
11:16:49.0296 3336 ============================================================
11:16:49.0296 3336 Initialize success
11:16:49.0296 3336 ============================================================
11:17:13.0984 2952 ============================================================
11:17:13.0984 2952 Scan started
11:17:13.0984 2952 Mode: Manual; TDLFS;
11:17:13.0984 2952 ============================================================
11:17:14.0250 2952 ================ Scan system memory ========================
11:17:14.0250 2952 System memory - ok
11:17:14.0250 2952 ================ Scan services =============================
11:17:19.0812 2952 Spooler - ok
11:17:19.0843 2952 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
11:17:19.0843 2952 sr - ok
11:17:19.0875 2952 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
11:17:19.0875 2952 srservice - ok
11:17:19.0906 2952 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
11:17:19.0906 2952 Srv - ok
11:17:19.0921 2952 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
11:17:19.0921 2952 SSDPSRV - ok
11:17:19.0968 2952 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
11:17:19.0984 2952 stisvc - ok
11:17:20.0000 2952 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
11:17:20.0000 2952 swenum - ok
11:17:20.0015 2952 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
11:17:20.0015 2952 swmidi - ok
11:17:20.0015 2952 SwPrv - ok
11:17:20.0015 2952 symc810 - ok
11:17:20.0031 2952 symc8xx - ok
11:17:20.0031 2952 sym_hi - ok
11:17:20.0031 2952 sym_u3 - ok
11:17:20.0031 2952 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
11:17:20.0031 2952 sysaudio - ok
11:17:20.0046 2952 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
11:17:20.0046 2952 SysmonLog - ok
11:17:20.0062 2952 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
11:17:20.0078 2952 TapiSrv - ok
11:17:20.0109 2952 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:17:20.0109 2952 Tcpip - ok
11:17:20.0125 2952 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
11:17:20.0140 2952 TDPIPE - ok
11:17:20.0156 2952 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
11:17:20.0156 2952 TDTCP - ok
11:17:20.0171 2952 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
11:17:20.0171 2952 TermDD - ok
11:17:20.0218 2952 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
11:17:20.0234 2952 TermService - ok
11:17:20.0234 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
11:17:20.0234 2952 Themes - ok
11:17:20.0250 2952 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
11:17:20.0250 2952 TlntSvr - ok
11:17:20.0281 2952 [ D0B08F941C0B06846533C6A38DD09B22 ] tmactmon C:\WINDOWS\system32\DRIVERS\tmactmon.sys
11:17:20.0281 2952 tmactmon - ok
11:17:20.0421 2952 [ 0C9ACEF23B537D6E8B1373C98D066B1C ] tmcomm C:\WINDOWS\system32\DRIVERS\tmcomm.sys
11:17:20.0421 2952 tmcomm - ok
11:17:20.0437 2952 [ 21992E703051934DCFA6D1477B12FC41 ] TMEBC C:\WINDOWS\system32\DRIVERS\TMEBC32.sys
11:17:20.0437 2952 TMEBC - ok
11:17:20.0453 2952 [ 7AC66D3A5BA87C6CD16B457A3786DF64 ] tmeext C:\WINDOWS\system32\DRIVERS\tmeext.sys
11:17:20.0453 2952 tmeext - ok
11:17:20.0468 2952 [ 63828FBD740F178DE2E2D42C3136FDEE ] tmevtmgr C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
11:17:20.0468 2952 tmevtmgr - ok
11:17:20.0468 2952 [ 0C40396F071A8092964C8DC951F62B17 ] tmnciesc C:\WINDOWS\system32\DRIVERS\tmnciesc.sys
11:17:20.0484 2952 tmnciesc - ok
11:17:20.0500 2952 [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys
11:17:20.0500 2952 tmtdi - ok
11:17:20.0500 2952 TosIde - ok
11:17:20.0515 2952 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
11:17:20.0515 2952 TrkWks - ok
11:17:20.0671 2952 [ 118EDC3E712FF83CE25612081A69075D ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
11:17:20.0687 2952 TuneUp.UtilitiesSvc - ok
11:17:20.0687 2952 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
11:17:20.0703 2952 TuneUpUtilitiesDrv - ok
11:17:20.0718 2952 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
11:17:20.0718 2952 Udfs - ok
11:17:20.0718 2952 ultra - ok
11:17:20.0828 2952 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
11:17:20.0828 2952 Update - ok
11:17:20.0859 2952 [ 3F9A3232E5F942874488981F3242C989 ] UPHClean C:\Program Files\UPHClean\uphclean.exe
11:17:20.0859 2952 UPHClean - ok
11:17:20.0875 2952 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
11:17:20.0875 2952 upnphost - ok
11:17:20.0890 2952 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
11:17:20.0906 2952 UPS - ok
11:17:20.0921 2952 [ CB41CD653916362CA5ECD242382A156E ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys
11:17:20.0921 2952 UrlFilter - ok
11:17:20.0937 2952 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:17:20.0937 2952 usbccgp - ok
11:17:20.0953 2952 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:17:20.0953 2952 usbehci - ok
11:17:20.0968 2952 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:17:20.0968 2952 usbhub - ok
11:17:20.0984 2952 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:17:20.0984 2952 usbprint - ok
11:17:21.0000 2952 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:17:21.0000 2952 USBSTOR - ok
11:17:21.0015 2952 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:17:21.0015 2952 usbuhci - ok
11:17:21.0046 2952 [ 24F51FBA322F06A3E336C301025D6D12 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll
11:17:21.0046 2952 UxTuneUp - ok
11:17:21.0062 2952 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
11:17:21.0062 2952 VgaSave - ok
11:17:21.0062 2952 ViaIde - ok
11:17:21.0093 2952 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
11:17:21.0109 2952 VolSnap - ok
11:17:21.0218 2952 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
11:17:21.0234 2952 VSS - ok
11:17:21.0359 2952 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
11:17:21.0359 2952 vToolbarUpdater13.2.0 - ok
11:17:21.0437 2952 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
11:17:21.0437 2952 W32Time - ok
11:17:21.0453 2952 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:17:21.0453 2952 Wanarp - ok
11:17:21.0453 2952 WDICA - ok
11:17:21.0484 2952 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
11:17:21.0484 2952 wdmaud - ok
11:17:21.0515 2952 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
11:17:21.0515 2952 WebClient - ok
11:17:21.0562 2952 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
11:17:21.0562 2952 winmgmt - ok
11:17:21.0593 2952 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
11:17:21.0609 2952 WinRM - ok
11:17:21.0625 2952 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
11:17:21.0640 2952 WmdmPmSN - ok
11:17:21.0687 2952 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
11:17:21.0687 2952 Wmi - ok
11:17:21.0703 2952 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:17:21.0718 2952 WmiApSrv - ok
11:17:21.0765 2952 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
11:17:21.0796 2952 WMPNetworkSvc - ok
11:17:21.0859 2952 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:17:21.0875 2952 WPFFontCache_v0400 - ok
11:17:21.0921 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
11:17:21.0921 2952 WsAudio_DeviceS(1) - ok
11:17:21.0937 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
11:17:21.0937 2952 WsAudio_DeviceS(2) - ok
11:17:21.0953 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
11:17:21.0953 2952 WsAudio_DeviceS(3) - ok
11:17:21.0968 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
11:17:21.0984 2952 WsAudio_DeviceS(4) - ok
11:17:22.0000 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
11:17:22.0000 2952 WsAudio_DeviceS(5) - ok
11:17:22.0015 2952 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
11:17:22.0031 2952 wscsvc - ok
11:17:22.0046 2952 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
11:17:22.0046 2952 wuauserv - ok
11:17:22.0062 2952 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:17:22.0062 2952 WudfPf - ok
11:17:22.0062 2952 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:17:22.0062 2952 WudfRd - ok
11:17:22.0078 2952 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
11:17:22.0109 2952 WudfSvc - ok
11:17:22.0187 2952 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
11:17:22.0187 2952 WZCSVC - ok
11:17:22.0203 2952 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
11:17:22.0218 2952 xmlprov - ok
11:17:22.0218 2952 ================ Scan global ===============================
11:17:22.0234 2952 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:17:22.0250 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:17:22.0265 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:17:22.0281 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:17:22.0281 2952 [Global] - ok
11:17:22.0281 2952 ================ Scan MBR ==================================
11:17:22.0296 2952 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:17:22.0781 2952 \Device\Harddisk0\DR0 - ok
11:17:22.0796 2952 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
11:17:23.0015 2952 \Device\Harddisk1\DR1 - ok
11:17:23.0015 2952 ================ Scan VBR ==================================
11:17:23.0015 2952 [ C593EAFFA0EC925B070596C4D76C0F8A ] \Device\Harddisk0\DR0\Partition1
11:17:23.0015 2952 \Device\Harddisk0\DR0\Partition1 - ok
11:17:23.0015 2952 [ C86D8448686A33EF77E5B847E8C484A9 ] \Device\Harddisk1\DR1\Partition1
11:17:23.0015 2952 \Device\Harddisk1\DR1\Partition1 - ok
11:17:23.0015 2952 ================ Scan active images ========================
11:17:23.0015 2952 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
11:17:23.0015 2952 C:\WINDOWS\system32\drivers\intelppm.sys - ok
11:17:23.0015 2952 [ ED9816DBAF6689542EA7D022631906A1 ] C:\WINDOWS\system32\drivers\nv4_mini.sys
11:17:23.0015 2952 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
11:17:23.0031 2952 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\videoprt.sys - ok
11:17:23.0031 2952 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbport.sys - ok
11:17:23.0031 2952 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbuhci.sys - ok
11:17:23.0031 2952 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbehci.sys - ok
11:17:23.0031 2952 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
11:17:23.0031 2952 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\cdrom.sys - ok
11:17:23.0031 2952 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\ks.sys - ok
11:17:23.0031 2952 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\imapi.sys - ok
11:17:23.0031 2952 [ F43673D97B9DF66999C3DFA6E538EF5B ] C:\WINDOWS\system32\drivers\l151x86.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\l151x86.sys - ok
11:17:23.0031 2952 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\redbook.sys - ok
11:17:23.0031 2952 [ D48659BB24C48345D926ECB45C1EBDF5 ] C:\WINDOWS\system32\drivers\ASACPI.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\ASACPI.sys - ok
11:17:23.0031 2952 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\fdc.sys - ok
11:17:23.0031 2952 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys
11:17:23.0031 2952 C:\WINDOWS\system32\drivers\i8042prt.sys - ok
11:17:23.0046 2952 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys
11:17:23.0046 2952 C:\WINDOWS\system32\drivers\serenum.sys - ok
11:17:23.0046 2952 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
11:17:23.0046 2952 C:\WINDOWS\system32\drivers\serial.sys - ok
11:17:23.0046 2952 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
11:17:23.0046 2952 C:\WINDOWS\system32\drivers\audstub.sys - ok
11:17:23.0046 2952 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys
11:17:23.0046 2952 C:\WINDOWS\system32\drivers\kbdclass.sys - ok
11:17:23.0046 2952 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
11:17:23.0046 2952 C:\WINDOWS\system32\drivers\ndistapi.sys - ok
11:17:23.0046 2952 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
11:17:23.0046 2952 C:\WINDOWS\system32\drivers\ndiswan.sys - ok
11:17:23.0046 2952 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
11:17:23.0046 2952 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
11:17:23.0046 2952 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
11:17:23.0046 2952 C:\WINDOWS\system32\drivers\raspppoe.sys - ok
11:17:23.0046 2952 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
11:17:23.0046 2952 C:\WINDOWS\system32\drivers\msgpc.sys - ok
11:17:23.0046 2952 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
11:17:23.0046 2952 C:\WINDOWS\system32\drivers\psched.sys - ok
11:17:23.0046 2952 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
11:17:23.0046 2952 C:\WINDOWS\system32\drivers\raspptp.sys - ok
11:17:23.0062 2952 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\tdi.sys - ok
11:17:23.0062 2952 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\ptilink.sys - ok
11:17:23.0062 2952 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\raspti.sys - ok
11:17:23.0062 2952 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\rdpdr.sys - ok
11:17:23.0062 2952 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\mouclass.sys - ok
11:17:23.0062 2952 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\swenum.sys - ok
11:17:23.0062 2952 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\termdd.sys - ok
11:17:23.0062 2952 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\update.sys - ok
11:17:23.0062 2952 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\mssmbios.sys - ok
11:17:23.0062 2952 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\ndproxy.sys - ok
11:17:23.0062 2952 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\usbd.sys - ok
11:17:23.0062 2952 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
11:17:23.0062 2952 C:\WINDOWS\system32\drivers\usbhub.sys - ok
11:17:23.0078 2952 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\drmk.sys - ok
11:17:23.0078 2952 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\portcls.sys - ok
11:17:23.0078 2952 [ 976BFBACF0099565B14810D4840CFC6F ] C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok
11:17:23.0078 2952 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\flpydisk.sys - ok
11:17:23.0078 2952 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] C:\WINDOWS\system32\drivers\avgtpx86.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\avgtpx86.sys - ok
11:17:23.0078 2952 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\beep.sys - ok
11:17:23.0078 2952 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\cdaudio.sys - ok
11:17:23.0078 2952 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\fs_rec.sys - ok
11:17:23.0078 2952 [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\hidparse.sys - ok
11:17:23.0078 2952 [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\kbdhid.sys - ok
11:17:23.0078 2952 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\null.sys - ok
11:17:23.0078 2952 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
11:17:23.0078 2952 C:\WINDOWS\system32\drivers\sfloppy.sys - ok
11:17:23.0093 2952 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
11:17:23.0093 2952 C:\WINDOWS\system32\drivers\vga.sys - ok
11:17:23.0093 2952 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
11:17:23.0093 2952 C:\WINDOWS\system32\drivers\mnmdd.sys - ok
11:17:23.0093 2952 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
11:17:23.0093 2952 C:\WINDOWS\system32\drivers\msfs.sys - ok
11:17:23.0093 2952 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
11:17:23.0093 2952 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
11:17:23.0093 2952 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
11:17:23.0093 2952 C:\WINDOWS\system32\drivers\ipsec.sys - ok
11:17:23.0093 2952 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
11:17:23.0093 2952 C:\WINDOWS\system32\drivers\netbt.sys - ok
11:17:23.0093 2952 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
11:17:23.0093 2952 C:\WINDOWS\system32\drivers\npfs.sys - ok
11:17:23.0093 2952 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
11:17:23.0093 2952 C:\WINDOWS\system32\drivers\rasacd.sys - ok
11:17:23.0093 2952 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
11:17:23.0093 2952 C:\WINDOWS\system32\drivers\tcpip.sys - ok
11:17:23.0093 2952 [ 7AC66D3A5BA87C6CD16B457A3786DF64 ] C:\WINDOWS\system32\drivers\tmeext.sys
11:17:23.0093 2952 C:\WINDOWS\system32\drivers\tmeext.sys - ok
11:17:23.0093 2952 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
11:17:23.0093 2952 C:\WINDOWS\system32\drivers\afd.sys - ok
11:17:23.0109 2952 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
11:17:23.0109 2952 C:\WINDOWS\system32\drivers\ipnat.sys - ok
11:17:23.0109 2952 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
11:17:23.0109 2952 C:\WINDOWS\system32\drivers\netbios.sys - ok
11:17:23.0109 2952 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
11:17:23.0109 2952 C:\WINDOWS\system32\drivers\wanarp.sys - ok
11:17:23.0109 2952 [ 0C9ACEF23B537D6E8B1373C98D066B1C ] C:\WINDOWS\system32\drivers\tmcomm.sys
11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmcomm.sys - ok
11:17:23.0109 2952 [ 63828FBD740F178DE2E2D42C3136FDEE ] C:\WINDOWS\system32\drivers\tmevtmgr.sys
11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmevtmgr.sys - ok
11:17:23.0109 2952 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
11:17:23.0109 2952 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
11:17:23.0109 2952 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
11:17:23.0109 2952 C:\WINDOWS\system32\drivers\rdbss.sys - ok
11:17:23.0109 2952 [ D0B08F941C0B06846533C6A38DD09B22 ] C:\WINDOWS\system32\drivers\tmactmon.sys
11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmactmon.sys - ok
11:17:23.0109 2952 [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] C:\WINDOWS\system32\drivers\tmtdi.sys
11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmtdi.sys - ok
11:17:23.0109 2952 [ 663F2FB92608073824EE3106886120F3 ] C:\WINDOWS\system32\drivers\AsIO.sys
11:17:23.0109 2952 C:\WINDOWS\system32\drivers\AsIO.sys - ok
11:17:23.0109 2952 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
11:17:23.0109 2952 C:\WINDOWS\system32\drivers\fips.sys - ok
11:17:23.0109 2952 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
11:17:23.0109 2952 C:\WINDOWS\system32\smss.exe - ok
11:17:23.0109 2952 [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
11:17:23.0109 2952 C:\WINDOWS\system32\ntdll.dll - ok
11:17:23.0125 2952 [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
11:17:23.0125 2952 C:\WINDOWS\system32\sfcfiles.dll - ok
11:17:23.0125 2952 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
11:17:23.0125 2952 C:\WINDOWS\system32\drivers\cdfs.sys - ok
11:17:23.0125 2952 [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys
11:17:23.0125 2952 C:\WINDOWS\system32\drivers\usbccgp.sys - ok
11:17:23.0125 2952 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys
11:17:23.0125 2952 C:\WINDOWS\system32\drivers\hidclass.sys - ok
11:17:23.0125 2952 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys
11:17:23.0125 2952 C:\WINDOWS\system32\drivers\hidusb.sys - ok
11:17:23.0125 2952 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys
11:17:23.0125 2952 C:\WINDOWS\system32\drivers\mouhid.sys - ok
11:17:23.0125 2952 [ ABCB05CCDBF03000354B9553820E39F8 ] C:\WINDOWS\system32\drivers\HPZius12.sys
11:17:23.0125 2952 C:\WINDOWS\system32\drivers\HPZius12.sys - ok
11:17:23.0125 2952 [ A717C8721046828520C9EDF31288FC00 ] C:\WINDOWS\system32\drivers\usbprint.sys
11:17:23.0125 2952 C:\WINDOWS\system32\drivers\usbprint.sys - ok
11:17:23.0125 2952 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] C:\WINDOWS\system32\drivers\HPZid412.sys
11:17:23.0125 2952 C:\WINDOWS\system32\drivers\HPZid412.sys - ok
11:17:23.0140 2952 [ 89F41658929393487B6B7D13C8528CE3 ] C:\WINDOWS\system32\drivers\HPZipr12.sys
11:17:23.0140 2952 C:\WINDOWS\system32\drivers\HPZipr12.sys - ok
11:17:23.0140 2952 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
11:17:23.0140 2952 C:\WINDOWS\system32\drivers\dxapi.sys - ok
11:17:23.0140 2952 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
11:17:23.0140 2952 C:\WINDOWS\system32\watchdog.sys - ok
11:17:23.0140 2952 [ F984CAE54E536681B209F7816D8F68DA ] C:\WINDOWS\system32\win32k.sys
11:17:23.0140 2952 C:\WINDOWS\system32\win32k.sys - ok
11:17:23.0140 2952 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:17:23.0140 2952 C:\WINDOWS\system32\basesrv.dll - ok
11:17:23.0140 2952 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
11:17:23.0140 2952 C:\WINDOWS\system32\csrsrv.dll - ok
11:17:23.0140 2952 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
11:17:23.0140 2952 C:\WINDOWS\system32\csrss.exe - ok
11:17:23.0140 2952 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
11:17:23.0140 2952 C:\WINDOWS\system32\gdi32.dll - ok
11:17:23.0140 2952 [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll
11:17:23.0140 2952 C:\WINDOWS\system32\kernel32.dll - ok
11:17:23.0140 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:17:23.0140 2952 C:\WINDOWS\system32\winsrv.dll - ok
11:17:23.0140 2952 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
11:17:23.0140 2952 C:\WINDOWS\system32\user32.dll - ok
11:17:23.0140 2952 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
11:17:23.0140 2952 C:\WINDOWS\system32\drivers\dxg.sys - ok
11:17:23.0156 2952 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
11:17:23.0156 2952 C:\WINDOWS\system32\drivers\dxgthk.sys - ok
11:17:23.0156 2952 [ 2C9A151701878E18563447EB2C2B0516 ] C:\WINDOWS\system32\nv4_disp.dll
11:17:23.0156 2952 C:\WINDOWS\system32\nv4_disp.dll - ok
11:17:23.0156 2952 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
11:17:23.0156 2952 C:\WINDOWS\system32\vga.dll - ok
11:17:23.0156 2952 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
11:17:23.0156 2952 C:\WINDOWS\system32\winlogon.exe - ok
11:17:23.0156 2952 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
11:17:23.0156 2952 C:\WINDOWS\system32\advapi32.dll - ok
11:17:23.0156 2952 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
11:17:23.0156 2952 C:\WINDOWS\system32\rpcrt4.dll - ok
11:17:23.0156 2952 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
11:17:23.0156 2952 C:\WINDOWS\system32\authz.dll - ok
11:17:23.0156 2952 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
11:17:23.0156 2952 C:\WINDOWS\system32\secur32.dll - ok
11:17:23.0156 2952 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll
11:17:23.0156 2952 C:\WINDOWS\system32\crypt32.dll - ok
11:17:23.0156 2952 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
11:17:23.0156 2952 C:\WINDOWS\system32\msvcrt.dll - ok
11:17:23.0156 2952 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
11:17:23.0156 2952 C:\WINDOWS\system32\msasn1.dll - ok
11:17:23.0156 2952 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
11:17:23.0156 2952 C:\WINDOWS\system32\nddeapi.dll - ok
11:17:23.0171 2952 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
11:17:23.0171 2952 C:\WINDOWS\system32\profmap.dll - ok
11:17:23.0171 2952 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll
11:17:23.0171 2952 C:\WINDOWS\system32\netapi32.dll - ok
11:17:23.0171 2952 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
11:17:23.0171 2952 C:\WINDOWS\system32\userenv.dll - ok
11:17:23.0171 2952 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
11:17:23.0171 2952 C:\WINDOWS\system32\psapi.dll - ok
11:17:23.0171 2952 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
11:17:23.0171 2952 C:\WINDOWS\system32\regapi.dll - ok
11:17:23.0171 2952 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
11:17:23.0171 2952 C:\WINDOWS\system32\setupapi.dll - ok
11:17:23.0171 2952 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
11:17:23.0171 2952 C:\WINDOWS\system32\version.dll - ok
-
11:14:31.0609 2668 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:14:32.0140 2668 ============================================================
11:14:32.0140 2668 Current date / time: 2013/01/09 11:14:32.0140
11:14:32.0140 2668 SystemInfo:
11:14:32.0140 2668
11:14:32.0140 2668 OS Version: 5.1.2600 ServicePack: 3.0
11:14:32.0140 2668 Product type: Workstation
11:14:32.0140 2668 ComputerName: HOME
11:14:32.0140 2668 UserName: NEIL'S
11:14:32.0140 2668 Windows directory: C:\WINDOWS
11:14:32.0140 2668 System windows directory: C:\WINDOWS
11:14:32.0140 2668 Processor architecture: Intel x86
11:14:32.0140 2668 Number of processors: 2
11:14:32.0140 2668 Page size: 0x1000
11:14:32.0140 2668 Boot type: Normal boot
11:14:32.0140 2668 ============================================================
11:14:33.0250 2668 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:14:33.0265 2668 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:14:33.0406 2668 ============================================================
11:14:33.0406 2668 \Device\Harddisk0\DR0:
11:14:33.0406 2668 MBR partitions:
11:14:33.0406 2668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E41
11:14:33.0406 2668 \Device\Harddisk1\DR1:
11:14:33.0406 2668 MBR partitions:
11:14:33.0406 2668 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
11:14:33.0406 2668 ============================================================
11:14:33.0421 2668 C: <-> \Device\Harddisk0\DR0\Partition1
11:14:33.0437 2668 F: <-> \Device\Harddisk1\DR1\Partition1
11:14:33.0437 2668 ============================================================
11:14:33.0437 2668 Initialize success
11:14:33.0437 2668 ============================================================
11:14:59.0171 3464 Deinitialize success
-
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 586051137
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 300069052416 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a6a0ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a67eb70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6a0ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6fa778, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a691d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe3083338, 0xffffffff8a6a0ab8, 0xffffffff893a9ab8
Lower DeviceData: 0xffffffffe106ad00, 0xffffffff8a691d98, 0xffffffff898cf398
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625137282
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.172000 GHz
Memory total: 3488657408, free: 3046379520
-
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 586051137
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 300069052416 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a27dab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a280bc8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a27dab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a327710, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a309d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1ddf5c0, 0xffffffff8a27dab8, 0xffffffff89c4c7e8
Lower DeviceData: 0xffffffffe1f903c8, 0xffffffff8a309d98, 0xffffffff89cacbb8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625137282
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1)
Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Done!
Scan finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.172000 GHz
Memory total: 3488657408, free: 2740338688
------------ Kernel report ------------
01/07/2013 10:48:17
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
TMEBC32.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\l151x86.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tmeext.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\tmcomm.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\tmevtmgr.sys
\SystemRoot\system32\DRIVERS\tmactmon.sys
\SystemRoot\system32\DRIVERS\tmtdi.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\HPZius12.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\HPZid412.sys
\SystemRoot\system32\DRIVERS\HPZipr12.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
\??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\tmnciesc.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a6a0ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\
Lower Device Object: 0xffffffff8a691d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a6a0030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\
Lower Device Object: 0xffffffff8a6a1940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2013.01.06.02
Downloaded database version: v2013.01.06.03
Downloaded database version: v2013.01.06.04
Downloaded database version: v2013.01.06.05
Downloaded database version: v2013.01.06.06
Downloaded database version: v2013.01.06.07
Downloaded database version: v2013.01.06.08
Downloaded database version: v2013.01.07.01
Downloaded database version: v2013.01.07.02
Downloaded database version: v2013.01.07.03
Downloaded database version: v2013.01.07.04
Downloaded database version: v2013.01.07.05
Downloaded database version: v2013.01.07.06
Downloaded database version: v2013.01.07.07
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a6a0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a6a4b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6a0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a6a39e8, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a6a1940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1191248, 0xffffffff8a6a0030, 0xffffffff8947d040
Lower DeviceData: 0xffffffffe329a140, 0xffffffff8a6a1940, 0xffffffff8a44b040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 292EDB50
-
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.172000 GHz
Memory total: 3488657408, free: 3053436928
DDA driver is not installed
Downloaded database version: v2012.12.31.02
Initializing...
Done!
The system volume seems inaccessible or encrypted. Scan can't continue.
=======================================
Could not remove DDA driver
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.172000 GHz
Memory total: 3488657408, free: 2830536704
DDA Driver installation error.
Driver installed on boot. Reboot required.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.172000 GHz
Memory total: 3488657408, free: 3174916096
------------ Kernel report ------------
01/05/2013 19:21:09
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
TMEBC32.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\l151x86.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\HPZius12.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a27dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\
Lower Device Object: 0xffffffff8a309d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a30cab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\
Lower Device Object: 0xffffffff8a309940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2013.01.06.01
Downloaded database version: v2013.01.04.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a30cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a2d7b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a30cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a31f9e8, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a309940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1eb07f8, 0xffffffff8a30cab8, 0xffffffff89c34850
Lower DeviceData: 0xffffffffe1fb5468, 0xffffffff8a309940, 0xffffffff89c6e040
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 292EDB50
-
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.172000 GHz
Memory total: 3488657408, free: 2882523136
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.172000 GHz
Memory total: 3488657408, free: 3039903744
DDA Driver installation error.
Driver installed on boot. Reboot required.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.172000 GHz
Memory total: 3488657408, free: 3173933056
------------ Kernel report ------------
12/30/2012 19:56:49
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
TMEBC32.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\l151x86.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\HPZius12.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a2d1870
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\
Lower Device Object: 0xffffffff8a2cdd98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a2c2ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\
Lower Device Object: 0xffffffff8a306940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2012.12.31.01
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a2c2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a3193a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a2c2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a2c9930, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a306940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1b52a88, 0xffffffff8a2c2ab8, 0xffffffff89c79608
Lower DeviceData: 0xffffffffe1a8b428, 0xffffffff8a306940, 0xffffffff89c60d10
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 292EDB50
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 586051137
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 300069052416 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a2d1870, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a30ce08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a2d1870, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a313720, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a2cdd98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1f169e0, 0xffffffff8a2d1870, 0xffffffff89c606f8
Lower DeviceData: 0xffffffffe1bb6cd0, 0xffffffff8a2cdd98, 0xffffffff89c6c5b8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625137282
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Done!
Scan finished
=======================================
-
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
System is currently in a safe mode
Account is Administrative
Internet Explorer version: 8.0.6001.18702
Java version: 1.6.0_26
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.172000 GHz
Memory total: 3488657408, free: 3172704256
Could not load protection driver
------------ Kernel report ------------
12/28/2012 23:46:12
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
TMEBC32.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\l151x86.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\HPZius12.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff89e3b030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000090\
Lower Device Object: 0xffffffff89e40be8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a28eab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\
Lower Device Object: 0xffffffff8a380d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a30aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\
Lower Device Object: 0xffffffff8a2f2940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2012.12.29.05
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a30aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a2993a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a30aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a37d9e8, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a2f2940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1dc6c08, 0xffffffff8a30aab8, 0xffffffff89c296c0
Lower DeviceData: 0xffffffffe1af7920, 0xffffffff8a2f2940, 0xffffffff89cd7660
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 292EDB50
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 586051137
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 300069052416 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a28eab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a309bc8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a28eab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a3197a0, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a380d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xffffffffe1bdf7a0, 0xffffffff8a28eab8, 0xffffffff89c2c550
Lower DeviceData: 0xffffffffe1d90700, 0xffffffff8a380d98, 0xffffffff89c59a08
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625137282
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff89e3b030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89e3be08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff89e3b030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff89e40be8, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xffffffffe1ed06d8, 0xffffffff89e3b030, 0xffffffff89c4eab8
Lower DeviceData: 0xffffffffe1fdec30, 0xffffffff89e40be8, 0xffffffff89c4e658
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E423E423
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 128 Numsec = 7855872
Partition file system is NTFS
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 4022337024 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1)
Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)
Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1)
Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
Done!
Scan finished
=======================================
-
The system-log.txt is too long to post here.
-
Malwarebytes Anti-Rootkit 1.01.0.1011
Database version: v2013.01.07.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
NEIL'S :: HOME [administrator]
1/7/2013 10:54:45 AM
mbar-log-2013-01-07 (10-54-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26397
Time elapsed: 6 minute(s), 10 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Malwarebytes Anti-Rootkit 1.01.0.1011
Database version: v2012.12.29.05
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
NEIL'S :: HOME [administrator]
12/28/2012 11:50:34 PM
mbar-log-2012-12-28 (23-50-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26348
Time elapsed: 4 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Thank you for your help. I ran mbar, here are the logs. system-log.txt mbar-log-2013-01-07 (10-54-45).txt
-
My Google homepage is being redirected to either a false Yahoo site, Facebook, or a blank page. I ran Malwarebytes and found trojans. The problem went away for a day and came back. I tried System Restore and it came back again. I'm also getting runtime error 216 at 5003a116 when closing IE. Please help. dds.txt attach.txt
browser hijacked, google being redirected
in Resolved Malware Removal Logs
Posted
Thank you again