Jump to content

browser hijacked, google being redirected


Recommended Posts

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

Link to post
Share on other sites

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2012.12.29.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

NEIL'S :: HOME [administrator]

12/28/2012 11:50:34 PM

mbar-log-2012-12-28 (23-50-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 26348

Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Malwarebytes Anti-Rootkit 1.01.0.1011

www.malwarebytes.org

Database version: v2013.01.07.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

NEIL'S :: HOME [administrator]

1/7/2013 10:54:45 AM

mbar-log-2013-01-07 (10-54-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 26397

Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 3.172000 GHz

Memory total: 3488657408, free: 3172704256

Could not load protection driver

------------ Kernel report ------------

12/28/2012 23:46:12

------------ Loaded modules -----------

\WINDOWS\system32\ntoskrnl.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

TMEBC32.sys

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

Mup.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\l151x86.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\ASACPI.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\WINDOWS\system32\drivers\avgtpx86.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\HPZius12.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\framebuf.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\SystemRoot\system32\DRIVERS\srv.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR4

Upper Device Object: 0xffffffff89e3b030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000090\

Lower Device Object: 0xffffffff89e40be8

Lower Device Driver Name: \Driver\USBSTOR\

Driver name found: USBSTOR

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff8a28eab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\

Lower Device Object: 0xffffffff8a380d98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a30aab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\

Lower Device Object: 0xffffffff8a2f2940

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Downloaded database version: v2012.12.29.05

Downloaded database version: v2012.12.27.02

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a30aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a2993a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a30aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a37d9e8, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a2f2940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe1dc6c08, 0xffffffff8a30aab8, 0xffffffff89c296c0

Lower DeviceData: 0xffffffffe1af7920, 0xffffffff8a2f2940, 0xffffffff89cd7660

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 292EDB50

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 586051137

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 300069052416 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffffff8a28eab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a309bc8, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a28eab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a3197a0, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a380d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe1bdf7a0, 0xffffffff8a28eab8, 0xffffffff89c2c550

Lower DeviceData: 0xffffffffe1d90700, 0xffffffff8a380d98, 0xffffffff89c59a08

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 625137282

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Physical Sector Size: 512

Drive: 2, DevicePointer: 0xffffffff89e3b030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff89e3be08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff89e3b030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff89e40be8, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\

------------ End ----------

Upper DeviceData: 0xffffffffe1ed06d8, 0xffffffff89e3b030, 0xffffffff89c4eab8

Lower DeviceData: 0xffffffffe1fdec30, 0xffffffff89e40be8, 0xffffffff89c4e658

Drive 2

Scanning MBR on drive 2...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: E423E423

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 128 Numsec = 7855872

Partition file system is NTFS

Partition is not bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 4022337024 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a.fb" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a__exp__1324075202" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0.fb" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0__exp__1324075014" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d.fb" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d__exp__1324075014" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)

Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)

Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)

Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)

Done!

Scan finished

=======================================

Link to post
Share on other sites

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 3.172000 GHz

Memory total: 3488657408, free: 2882523136

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 3.172000 GHz

Memory total: 3488657408, free: 3039903744

DDA Driver installation error.

Driver installed on boot. Reboot required.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 3.172000 GHz

Memory total: 3488657408, free: 3173933056

------------ Kernel report ------------

12/30/2012 19:56:49

------------ Loaded modules -----------

\WINDOWS\system32\ntoskrnl.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

TMEBC32.sys

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

Mup.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\l151x86.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\ASACPI.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\WINDOWS\system32\drivers\avgtpx86.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\HPZius12.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\framebuf.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff8a2d1870

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\

Lower Device Object: 0xffffffff8a2cdd98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a2c2ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\

Lower Device Object: 0xffffffff8a306940

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Downloaded database version: v2012.12.31.01

Downloaded database version: v2012.12.27.02

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a2c2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a3193a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a2c2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a2c9930, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a306940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe1b52a88, 0xffffffff8a2c2ab8, 0xffffffff89c79608

Lower DeviceData: 0xffffffffe1a8b428, 0xffffffff8a306940, 0xffffffff89c60d10

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 292EDB50

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 586051137

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 300069052416 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffffff8a2d1870, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a30ce08, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a2d1870, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a313720, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a2cdd98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe1f169e0, 0xffffffff8a2d1870, 0xffffffff89c606f8

Lower DeviceData: 0xffffffffe1bb6cd0, 0xffffffff8a2cdd98, 0xffffffff89c6c5b8

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 625137282

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a.fb" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a__exp__1324075202" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0.fb" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0__exp__1324075014" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d.fb" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d__exp__1324075014" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)

Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)

Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)

Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)

Done!

Scan finished

=======================================

Link to post
Share on other sites

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 3.172000 GHz

Memory total: 3488657408, free: 3053436928

DDA driver is not installed

Downloaded database version: v2012.12.31.02

Initializing...

Done!

The system volume seems inaccessible or encrypted. Scan can't continue.

=======================================

Could not remove DDA driver

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 3.172000 GHz

Memory total: 3488657408, free: 2830536704

DDA Driver installation error.

Driver installed on boot. Reboot required.

System shutdown occurred

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 3.172000 GHz

Memory total: 3488657408, free: 3174916096

------------ Kernel report ------------

01/05/2013 19:21:09

------------ Loaded modules -----------

\WINDOWS\system32\ntoskrnl.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

TMEBC32.sys

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

Mup.sys

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\l151x86.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\ASACPI.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\WINDOWS\system32\drivers\avgtpx86.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\HPZius12.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\framebuf.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\System32\Drivers\Fastfat.SYS

\SystemRoot\system32\DRIVERS\srv.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff8a27dab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\

Lower Device Object: 0xffffffff8a309d98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a30cab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\

Lower Device Object: 0xffffffff8a309940

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Downloaded database version: v2013.01.06.01

Downloaded database version: v2013.01.04.01

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a30cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a2d7b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a30cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a31f9e8, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a309940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe1eb07f8, 0xffffffff8a30cab8, 0xffffffff89c34850

Lower DeviceData: 0xffffffffe1fb5468, 0xffffffff8a309940, 0xffffffff89c6e040

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 292EDB50

Link to post
Share on other sites

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 586051137

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 300069052416 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffffff8a27dab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a280bc8, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a27dab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a327710, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a309d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe1ddf5c0, 0xffffffff8a27dab8, 0xffffffff89c4c7e8

Lower DeviceData: 0xffffffffe1f903c8, 0xffffffff8a309d98, 0xffffffff89cacbb8

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 625137282

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)

Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)

Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)

Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)

Done!

Scan finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 3.172000 GHz

Memory total: 3488657408, free: 2740338688

------------ Kernel report ------------

01/07/2013 10:48:17

------------ Loaded modules -----------

\WINDOWS\system32\ntkrnlpa.exe

\WINDOWS\system32\hal.dll

\WINDOWS\system32\KDCOM.DLL

\WINDOWS\system32\BOOTVID.dll

TMEBC32.sys

ACPI.sys

\WINDOWS\system32\DRIVERS\WMILIB.SYS

pci.sys

isapnp.sys

pciide.sys

\WINDOWS\system32\DRIVERS\PCIIDEX.SYS

MountMgr.sys

ftdisk.sys

dmload.sys

dmio.sys

PartMgr.sys

VolSnap.sys

atapi.sys

disk.sys

\WINDOWS\system32\DRIVERS\CLASSPNP.SYS

fltmgr.sys

sr.sys

KSecDD.sys

Ntfs.sys

NDIS.sys

Mup.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nv4_mini.sys

\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

\SystemRoot\system32\DRIVERS\usbuhci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\redbook.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\imapi.sys

\SystemRoot\system32\DRIVERS\l151x86.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\ASACPI.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\audstub.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\psched.sys

\SystemRoot\system32\DRIVERS\msgpc.sys

\SystemRoot\system32\DRIVERS\ptilink.sys

\SystemRoot\system32\DRIVERS\raspti.sys

\SystemRoot\system32\DRIVERS\rdpdr.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\update.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\drivers\RtkHDAud.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\Fs_Rec.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\WINDOWS\system32\drivers\avgtpx86.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\Drivers\mnmdd.SYS

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\rasacd.sys

\SystemRoot\system32\DRIVERS\tmeext.sys

\SystemRoot\system32\DRIVERS\ipsec.sys

\SystemRoot\system32\DRIVERS\tcpip.sys

\SystemRoot\system32\DRIVERS\netbt.sys

\SystemRoot\system32\DRIVERS\ipnat.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\System32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\tmcomm.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\tmevtmgr.sys

\SystemRoot\system32\DRIVERS\tmactmon.sys

\SystemRoot\system32\DRIVERS\tmtdi.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\System32\Drivers\Fips.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\drivers\AsIO.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\HPZius12.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\HPZid412.sys

\SystemRoot\system32\DRIVERS\HPZipr12.sys

\SystemRoot\System32\Drivers\Cdfs.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\watchdog.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\drivers\dxgthk.sys

\SystemRoot\System32\nv4_disp.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\drivers\wdmaud.sys

\SystemRoot\system32\drivers\sysaudio.sys

\SystemRoot\system32\DRIVERS\srv.sys

\??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys

\??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

\SystemRoot\System32\Drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\tmnciesc.sys

\SystemRoot\system32\drivers\kmixer.sys

\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys

\WINDOWS\system32\ntdll.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff8a6a0ab8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\

Lower Device Object: 0xffffffff8a691d98

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

DriverEntry returned 0x0

Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff8a6a0030

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\

Lower Device Object: 0xffffffff8a6a1940

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Downloaded database version: v2013.01.06.02

Downloaded database version: v2013.01.06.03

Downloaded database version: v2013.01.06.04

Downloaded database version: v2013.01.06.05

Downloaded database version: v2013.01.06.06

Downloaded database version: v2013.01.06.07

Downloaded database version: v2013.01.06.08

Downloaded database version: v2013.01.07.01

Downloaded database version: v2013.01.07.02

Downloaded database version: v2013.01.07.03

Downloaded database version: v2013.01.07.04

Downloaded database version: v2013.01.07.05

Downloaded database version: v2013.01.07.06

Downloaded database version: v2013.01.07.07

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 1

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff8a6a0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a6a4b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a6a0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a6a39e8, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a6a1940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe1191248, 0xffffffff8a6a0030, 0xffffffff8947d040

Lower DeviceData: 0xffffffffe329a140, 0xffffffff8a6a1940, 0xffffffff8a44b040

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\WINDOWS\system32\drivers...

Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 292EDB50

Link to post
Share on other sites

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 586051137

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 300069052416 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffffff8a6a0ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8a67eb70, DeviceName: Unknown, DriverName: \Driver\PartMgr\

DevicePointer: 0xffffffff8a6a0ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff8a6fa778, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff8a691d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\

------------ End ----------

Upper DeviceData: 0xffffffffe3083338, 0xffffffff8a6a0ab8, 0xffffffff893a9ab8

Lower DeviceData: 0xffffffffe106ad00, 0xffffffff8a691d98, 0xffffffff898cf398

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 625137282

Partition file system is NTFS

Partition is bootable

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes

Sector size: 512 bytes

Done!

Performing system, memory and registry scan...

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)

Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)

Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)

Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)

Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)

Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1)

Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)

Done!

Scan finished

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1011

© Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED

CPU speed: 3.172000 GHz

Memory total: 3488657408, free: 3046379520

Link to post
Share on other sites

Hello steveopevo,

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click Change parameters.
  • Make sure you check the box Loaded modules.
  • A window will popup and say Reboot is required. Please click Reboot now.
  • Then click Change parameters again. Check the box Detect TDLFS file system.
  • Click on the Start Scan button.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue. tdsskiller2.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue. tdsskiller3.png
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
  • Once the tool has finished, please click Report. Please copy and paste the contents of that log in your reply.
    Note: A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).

Link to post
Share on other sites

11:14:31.0609 2668 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

11:14:32.0140 2668 ============================================================

11:14:32.0140 2668 Current date / time: 2013/01/09 11:14:32.0140

11:14:32.0140 2668 SystemInfo:

11:14:32.0140 2668

11:14:32.0140 2668 OS Version: 5.1.2600 ServicePack: 3.0

11:14:32.0140 2668 Product type: Workstation

11:14:32.0140 2668 ComputerName: HOME

11:14:32.0140 2668 UserName: NEIL'S

11:14:32.0140 2668 Windows directory: C:\WINDOWS

11:14:32.0140 2668 System windows directory: C:\WINDOWS

11:14:32.0140 2668 Processor architecture: Intel x86

11:14:32.0140 2668 Number of processors: 2

11:14:32.0140 2668 Page size: 0x1000

11:14:32.0140 2668 Boot type: Normal boot

11:14:32.0140 2668 ============================================================

11:14:33.0250 2668 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:14:33.0265 2668 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:14:33.0406 2668 ============================================================

11:14:33.0406 2668 \Device\Harddisk0\DR0:

11:14:33.0406 2668 MBR partitions:

11:14:33.0406 2668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E41

11:14:33.0406 2668 \Device\Harddisk1\DR1:

11:14:33.0406 2668 MBR partitions:

11:14:33.0406 2668 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682

11:14:33.0406 2668 ============================================================

11:14:33.0421 2668 C: <-> \Device\Harddisk0\DR0\Partition1

11:14:33.0437 2668 F: <-> \Device\Harddisk1\DR1\Partition1

11:14:33.0437 2668 ============================================================

11:14:33.0437 2668 Initialize success

11:14:33.0437 2668 ============================================================

11:14:59.0171 3464 Deinitialize success

Link to post
Share on other sites

11:16:47.0031 3336 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

11:16:47.0781 3336 ============================================================

11:16:47.0781 3336 Current date / time: 2013/01/09 11:16:47.0781

11:16:47.0781 3336 SystemInfo:

11:16:47.0781 3336

11:16:47.0781 3336 OS Version: 5.1.2600 ServicePack: 3.0

11:16:47.0781 3336 Product type: Workstation

11:16:47.0781 3336 ComputerName: HOME

11:16:47.0781 3336 UserName: NEIL'S

11:16:47.0781 3336 Windows directory: C:\WINDOWS

11:16:47.0781 3336 System windows directory: C:\WINDOWS

11:16:47.0781 3336 Processor architecture: Intel x86

11:16:47.0781 3336 Number of processors: 2

11:16:47.0781 3336 Page size: 0x1000

11:16:47.0781 3336 Boot type: Normal boot

11:16:47.0781 3336 ============================================================

11:16:48.0890 3336 BG loaded

11:16:49.0218 3336 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:16:49.0218 3336 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

11:16:49.0234 3336 ============================================================

11:16:49.0234 3336 \Device\Harddisk0\DR0:

11:16:49.0234 3336 MBR partitions:

11:16:49.0234 3336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E41

11:16:49.0234 3336 \Device\Harddisk1\DR1:

11:16:49.0234 3336 MBR partitions:

11:16:49.0234 3336 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682

11:16:49.0234 3336 ============================================================

11:16:49.0281 3336 C: <-> \Device\Harddisk0\DR0\Partition1

11:16:49.0296 3336 F: <-> \Device\Harddisk1\DR1\Partition1

11:16:49.0296 3336 ============================================================

11:16:49.0296 3336 Initialize success

11:16:49.0296 3336 ============================================================

11:17:13.0984 2952 ============================================================

11:17:13.0984 2952 Scan started

11:17:13.0984 2952 Mode: Manual; TDLFS;

11:17:13.0984 2952 ============================================================

11:17:14.0250 2952 ================ Scan system memory ========================

11:17:14.0250 2952 System memory - ok

11:17:14.0250 2952 ================ Scan services =============================

11:17:14.0312 2952 A2DDA - ok

11:17:14.0312 2952 Abiosdsk - ok

11:17:14.0312 2952 abp480n5 - ok

11:17:14.0328 2952 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:17:14.0328 2952 ACPI - ok

11:17:14.0343 2952 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys

11:17:14.0343 2952 ACPIEC - ok

11:17:14.0375 2952 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

11:17:14.0375 2952 AdobeFlashPlayerUpdateSvc - ok

11:17:14.0375 2952 adpu160m - ok

11:17:14.0421 2952 [ 993F7B0BA5188A0007C085AA10257B8E ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

11:17:14.0421 2952 AdvancedSystemCareService6 - ok

11:17:14.0437 2952 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys

11:17:14.0437 2952 aec - ok

11:17:14.0453 2952 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys

11:17:14.0453 2952 AFD - ok

11:17:14.0453 2952 Aha154x - ok

11:17:14.0468 2952 aic78u2 - ok

11:17:14.0468 2952 aic78xx - ok

11:17:14.0484 2952 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll

11:17:14.0484 2952 Alerter - ok

11:17:14.0484 2952 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe

11:17:14.0484 2952 ALG - ok

11:17:14.0500 2952 AliIde - ok

11:17:14.0500 2952 amsint - ok

11:17:14.0546 2952 [ F52603B708438E39FF38475807A01CBC ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

11:17:14.0546 2952 Amsp - ok

11:17:14.0562 2952 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll

11:17:14.0562 2952 AppMgmt - ok

11:17:14.0562 2952 asc - ok

11:17:14.0562 2952 asc3350p - ok

11:17:14.0578 2952 asc3550 - ok

11:17:14.0578 2952 [ 663F2FB92608073824EE3106886120F3 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys

11:17:14.0578 2952 AsIO - ok

11:17:14.0625 2952 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

11:17:14.0640 2952 aspnet_state - ok

11:17:14.0656 2952 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:17:14.0656 2952 AsyncMac - ok

11:17:14.0671 2952 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys

11:17:14.0671 2952 atapi - ok

11:17:14.0687 2952 [ F43673D97B9DF66999C3DFA6E538EF5B ] AtcL001 C:\WINDOWS\system32\DRIVERS\l151x86.sys

11:17:14.0687 2952 AtcL001 - ok

11:17:14.0687 2952 Atdisk - ok

11:17:14.0687 2952 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:17:14.0687 2952 Atmarpc - ok

11:17:14.0703 2952 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll

11:17:14.0703 2952 AudioSrv - ok

11:17:14.0718 2952 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys

11:17:14.0718 2952 audstub - ok

11:17:14.0734 2952 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys

11:17:14.0734 2952 avgtp - ok

11:17:14.0734 2952 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys

11:17:14.0750 2952 Beep - ok

11:17:14.0765 2952 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll

11:17:14.0781 2952 BITS - ok

11:17:14.0796 2952 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll

11:17:14.0796 2952 Browser - ok

11:17:14.0812 2952 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys

11:17:14.0812 2952 cbidf2k - ok

11:17:14.0812 2952 cd20xrnt - ok

11:17:14.0812 2952 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys

11:17:14.0812 2952 Cdaudio - ok

11:17:14.0828 2952 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys

11:17:14.0828 2952 Cdfs - ok

11:17:14.0828 2952 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:17:14.0828 2952 Cdrom - ok

11:17:14.0843 2952 Changer - ok

11:17:14.0859 2952 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe

11:17:14.0859 2952 CiSvc - ok

11:17:14.0859 2952 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe

11:17:14.0859 2952 ClipSrv - ok

11:17:14.0875 2952 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:17:14.0921 2952 clr_optimization_v2.0.50727_32 - ok

11:17:14.0937 2952 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:17:14.0953 2952 clr_optimization_v4.0.30319_32 - ok

11:17:14.0953 2952 CmdIde - ok

11:17:14.0953 2952 COMSysApp - ok

11:17:14.0953 2952 Cpqarray - ok

11:17:14.0968 2952 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll

11:17:14.0968 2952 CryptSvc - ok

11:17:14.0968 2952 dac2w2k - ok

11:17:14.0984 2952 dac960nt - ok

11:17:15.0000 2952 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll

11:17:15.0000 2952 DcomLaunch - ok

11:17:15.0015 2952 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll

11:17:15.0015 2952 Dhcp - ok

11:17:15.0031 2952 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys

11:17:15.0031 2952 Disk - ok

11:17:15.0062 2952 [ A52E0EBF719F379EFD178C402B1AD7BB ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

11:17:15.0078 2952 Diskeeper - ok

11:17:15.0078 2952 dmadmin - ok

11:17:15.0109 2952 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

11:17:15.0125 2952 dmboot - ok

11:17:15.0125 2952 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

11:17:15.0125 2952 dmio - ok

11:17:15.0140 2952 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

11:17:15.0140 2952 dmload - ok

11:17:15.0140 2952 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

11:17:15.0156 2952 dmserver - ok

11:17:15.0156 2952 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

11:17:15.0156 2952 DMusic - ok

11:17:15.0171 2952 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

11:17:15.0171 2952 Dnscache - ok

11:17:15.0187 2952 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

11:17:15.0187 2952 Dot3svc - ok

11:17:15.0187 2952 dpti2o - ok

11:17:15.0203 2952 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

11:17:15.0203 2952 drmkaud - ok

11:17:15.0218 2952 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

11:17:15.0218 2952 EapHost - ok

11:17:15.0234 2952 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

11:17:15.0234 2952 ERSvc - ok

11:17:15.0234 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

11:17:15.0234 2952 Eventlog - ok

11:17:15.0250 2952 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

11:17:15.0265 2952 EventSystem - ok

11:17:15.0265 2952 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

11:17:15.0265 2952 Fastfat - ok

11:17:15.0296 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

11:17:15.0296 2952 FastUserSwitchingCompatibility - ok

11:17:15.0312 2952 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

11:17:15.0312 2952 Fdc - ok

11:17:15.0359 2952 [ 9200A69413D69AB86ADD9BC81960BE7B ] FileMonitor C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys

11:17:15.0359 2952 FileMonitor - ok

11:17:15.0375 2952 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

11:17:15.0375 2952 Fips - ok

11:17:15.0390 2952 Fix-It Task Manager - ok

11:17:15.0390 2952 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

11:17:15.0390 2952 Flpydisk - ok

11:17:15.0406 2952 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

11:17:15.0421 2952 FltMgr - ok

11:17:15.0437 2952 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

11:17:15.0437 2952 FontCache3.0.0.0 - ok

11:17:15.0437 2952 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:17:15.0437 2952 Fs_Rec - ok

11:17:15.0453 2952 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:17:15.0453 2952 Ftdisk - ok

11:17:15.0453 2952 GMSIPCI - ok

11:17:15.0468 2952 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:17:15.0468 2952 Gpc - ok

11:17:15.0484 2952 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:17:15.0484 2952 HDAudBus - ok

11:17:15.0515 2952 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

11:17:15.0515 2952 helpsvc - ok

11:17:15.0531 2952 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

11:17:15.0531 2952 HidServ - ok

11:17:15.0531 2952 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:17:15.0531 2952 hidusb - ok

11:17:15.0546 2952 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

11:17:15.0546 2952 hkmsvc - ok

11:17:15.0593 2952 [ C5F00D15AA15CB7F55A027FF75E44BB7 ] HP Port Resolver C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

11:17:15.0593 2952 HP Port Resolver - ok

11:17:15.0609 2952 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

11:17:15.0609 2952 HP Status Server - ok

11:17:15.0609 2952 hpn - ok

11:17:15.0625 2952 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys

11:17:15.0625 2952 HPZid412 - ok

11:17:15.0640 2952 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

11:17:15.0640 2952 HPZipr12 - ok

11:17:15.0640 2952 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys

11:17:15.0640 2952 HPZius12 - ok

11:17:15.0656 2952 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

11:17:15.0656 2952 HTTP - ok

11:17:15.0671 2952 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

11:17:15.0671 2952 HTTPFilter - ok

11:17:15.0671 2952 i2omgmt - ok

11:17:15.0671 2952 i2omp - ok

11:17:15.0671 2952 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

11:17:15.0671 2952 i8042prt - ok

11:17:15.0718 2952 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

11:17:15.0718 2952 IDriverT - ok

11:17:15.0734 2952 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

11:17:15.0750 2952 idsvc - ok

11:17:15.0765 2952 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

11:17:15.0765 2952 Imapi - ok

11:17:15.0796 2952 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

11:17:15.0812 2952 ImapiService - ok

11:17:15.0875 2952 [ 8AE99EBE30E8338907361018D9030835 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

11:17:15.0875 2952 IMFservice - ok

11:17:15.0890 2952 ini910u - ok

11:17:16.0000 2952 [ 976BFBACF0099565B14810D4840CFC6F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys

11:17:16.0015 2952 IntcAzAudAddService - ok

11:17:16.0015 2952 IntelIde - ok

11:17:16.0031 2952 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:17:16.0031 2952 intelppm - ok

11:17:16.0046 2952 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

11:17:16.0046 2952 Ip6Fw - ok

11:17:16.0062 2952 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:17:16.0062 2952 IpFilterDriver - ok

11:17:16.0078 2952 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:17:16.0093 2952 IpInIp - ok

11:17:16.0109 2952 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:17:16.0109 2952 IpNat - ok

11:17:16.0109 2952 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:17:16.0109 2952 IPSec - ok

11:17:16.0125 2952 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

11:17:16.0125 2952 IRENUM - ok

11:17:16.0140 2952 [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir C:\WINDOWS\system32\DRIVERS\irsir.sys

11:17:16.0140 2952 irsir - ok

11:17:16.0156 2952 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:17:16.0156 2952 isapnp - ok

11:17:16.0203 2952 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

11:17:16.0203 2952 JavaQuickStarterService - ok

11:17:16.0218 2952 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:17:16.0218 2952 Kbdclass - ok

11:17:16.0218 2952 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys

11:17:16.0218 2952 kbdhid - ok

11:17:16.0218 2952 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

11:17:16.0218 2952 kmixer - ok

11:17:16.0234 2952 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

11:17:16.0234 2952 KSecDD - ok

11:17:16.0250 2952 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

11:17:16.0250 2952 lanmanserver - ok

11:17:16.0265 2952 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

11:17:16.0265 2952 lanmanworkstation - ok

11:17:16.0265 2952 lbrtfdc - ok

11:17:16.0265 2952 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

11:17:16.0281 2952 LmHosts - ok

11:17:16.0281 2952 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

11:17:16.0281 2952 Messenger - ok

11:17:16.0296 2952 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

11:17:16.0296 2952 mnmdd - ok

11:17:16.0328 2952 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

11:17:16.0328 2952 mnmsrvc - ok

11:17:16.0343 2952 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

11:17:16.0343 2952 Modem - ok

11:17:16.0359 2952 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:17:16.0359 2952 Mouclass - ok

11:17:16.0390 2952 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

11:17:16.0390 2952 mouhid - ok

11:17:16.0390 2952 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

11:17:16.0390 2952 MountMgr - ok

11:17:16.0406 2952 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

11:17:16.0406 2952 MozillaMaintenance - ok

11:17:16.0406 2952 mraid35x - ok

11:17:16.0421 2952 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:17:16.0421 2952 MRxDAV - ok

11:17:16.0468 2952 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:17:16.0468 2952 MRxSmb - ok

11:17:16.0484 2952 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

11:17:16.0484 2952 MSDTC - ok

11:17:16.0500 2952 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

11:17:16.0500 2952 Msfs - ok

11:17:16.0500 2952 MSICPL - ok

11:17:16.0500 2952 MSIServer - ok

11:17:16.0515 2952 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:17:16.0515 2952 MSKSSRV - ok

11:17:16.0531 2952 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:17:16.0531 2952 MSPCLOCK - ok

11:17:16.0546 2952 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

11:17:16.0546 2952 MSPQM - ok

11:17:16.0562 2952 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:17:16.0562 2952 mssmbios - ok

11:17:16.0578 2952 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys

11:17:16.0578 2952 MTsensor - ok

11:17:16.0593 2952 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

11:17:16.0593 2952 Mup - ok

11:17:16.0625 2952 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

11:17:16.0640 2952 napagent - ok

11:17:16.0703 2952 [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

11:17:16.0734 2952 NBService - ok

11:17:16.0765 2952 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

11:17:16.0781 2952 NDIS - ok

11:17:16.0796 2952 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:17:16.0796 2952 NdisTapi - ok

11:17:16.0796 2952 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:17:16.0796 2952 Ndisuio - ok

11:17:16.0812 2952 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:17:16.0828 2952 NdisWan - ok

11:17:16.0828 2952 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

11:17:16.0828 2952 NDProxy - ok

11:17:16.0843 2952 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

11:17:16.0843 2952 NetBIOS - ok

11:17:16.0859 2952 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

11:17:16.0859 2952 NetBT - ok

11:17:16.0875 2952 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

11:17:16.0890 2952 NetDDE - ok

11:17:16.0890 2952 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

11:17:16.0890 2952 NetDDEdsdm - ok

11:17:16.0906 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

11:17:16.0906 2952 Netlogon - ok

11:17:16.0921 2952 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

11:17:16.0921 2952 Netman - ok

11:17:16.0937 2952 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

11:17:16.0937 2952 NetTcpPortSharing - ok

11:17:16.0953 2952 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

11:17:16.0953 2952 Nla - ok

11:17:17.0015 2952 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

11:17:17.0031 2952 NMIndexingService - ok

11:17:17.0046 2952 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\npf.sys

11:17:17.0062 2952 NPF - ok

11:17:17.0062 2952 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

11:17:17.0062 2952 Npfs - ok

11:17:17.0062 2952 NTACCESS - ok

11:17:17.0093 2952 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

11:17:17.0125 2952 Ntfs - ok

11:17:17.0125 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

11:17:17.0125 2952 NtLmSsp - ok

11:17:17.0140 2952 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

11:17:17.0156 2952 NtmsSvc - ok

11:17:17.0156 2952 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

11:17:17.0156 2952 Null - ok

11:17:17.0421 2952 [ ED9816DBAF6689542EA7D022631906A1 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

11:17:17.0453 2952 nv - ok

11:17:17.0484 2952 [ A2322C6207EBB0761A6C8CC9003EBACF ] NVSvc C:\WINDOWS\system32\nvsvc32.exe

11:17:17.0484 2952 NVSvc - ok

11:17:17.0500 2952 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:17:17.0515 2952 NwlnkFlt - ok

11:17:17.0531 2952 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:17:17.0531 2952 NwlnkFwd - ok

11:17:17.0593 2952 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

11:17:17.0593 2952 odserv - ok

11:17:17.0625 2952 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:17:17.0625 2952 ose - ok

11:17:17.0640 2952 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys

11:17:17.0640 2952 Parport - ok

11:17:17.0656 2952 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

11:17:17.0656 2952 PartMgr - ok

11:17:17.0671 2952 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

11:17:17.0671 2952 ParVdm - ok

11:17:17.0671 2952 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

11:17:17.0671 2952 PCI - ok

11:17:17.0671 2952 PCIDump - ok

11:17:17.0687 2952 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

11:17:17.0687 2952 PCIIde - ok

11:17:17.0703 2952 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

11:17:17.0718 2952 Pcmcia - ok

11:17:17.0718 2952 PDCOMP - ok

11:17:17.0718 2952 PDFRAME - ok

11:17:17.0718 2952 PDRELI - ok

11:17:17.0718 2952 PDRFRAME - ok

11:17:17.0718 2952 perc2 - ok

11:17:17.0718 2952 perc2hib - ok

11:17:17.0734 2952 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe

11:17:17.0734 2952 PLFlash DeviceIoControl Service - ok

11:17:17.0750 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

11:17:17.0750 2952 PlugPlay - ok

11:17:17.0765 2952 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe

11:17:17.0765 2952 Pml Driver HPZ12 - ok

11:17:17.0765 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

11:17:17.0765 2952 PolicyAgent - ok

11:17:17.0781 2952 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:17:17.0781 2952 PptpMiniport - ok

11:17:17.0781 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

11:17:17.0781 2952 ProtectedStorage - ok

11:17:17.0781 2952 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

11:17:17.0781 2952 PSched - ok

11:17:17.0796 2952 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:17:17.0796 2952 Ptilink - ok

11:17:17.0796 2952 ql1080 - ok

11:17:17.0796 2952 Ql10wnt - ok

11:17:17.0796 2952 ql12160 - ok

11:17:17.0796 2952 ql1240 - ok

11:17:17.0796 2952 ql1280 - ok

11:17:17.0812 2952 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:17:17.0812 2952 RasAcd - ok

11:17:17.0843 2952 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

11:17:17.0843 2952 RasAuto - ok

11:17:17.0859 2952 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys

11:17:17.0875 2952 Rasirda - ok

11:17:17.0875 2952 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:17:17.0875 2952 Rasl2tp - ok

11:17:17.0890 2952 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

11:17:17.0890 2952 RasMan - ok

11:17:17.0890 2952 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:17:17.0890 2952 RasPppoe - ok

11:17:17.0906 2952 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

11:17:17.0906 2952 Raspti - ok

11:17:17.0937 2952 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:17:17.0937 2952 Rdbss - ok

11:17:17.0953 2952 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:17:17.0953 2952 RDPCDD - ok

11:17:17.0968 2952 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys

11:17:17.0968 2952 rdpdr - ok

11:17:17.0984 2952 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

11:17:17.0984 2952 RDPWD - ok

11:17:18.0000 2952 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

11:17:18.0000 2952 RDSessMgr - ok

11:17:18.0015 2952 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

11:17:18.0015 2952 redbook - ok

11:17:18.0015 2952 [ D03FA5EC6B855FEE1EE16C5B0C0BA42C ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys

11:17:18.0015 2952 RegFilter - ok

11:17:18.0031 2952 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

11:17:18.0031 2952 RemoteAccess - ok

11:17:18.0046 2952 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll

11:17:18.0046 2952 RemoteRegistry - ok

11:17:18.0062 2952 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe

11:17:18.0062 2952 rpcapd - ok

11:17:18.0078 2952 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

11:17:18.0078 2952 RpcLocator - ok

11:17:18.0093 2952 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

11:17:18.0093 2952 RpcSs - ok

11:17:18.0109 2952 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

11:17:18.0109 2952 RSVP - ok

11:17:18.0125 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

11:17:18.0125 2952 SamSs - ok

11:17:18.0125 2952 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

11:17:18.0140 2952 SCardSvr - ok

11:17:18.0156 2952 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

11:17:18.0156 2952 Schedule - ok

11:17:18.0250 2952 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

11:17:18.0250 2952 SDScannerService - ok

11:17:18.0843 2952 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

11:17:18.0875 2952 SDUpdateService - ok

11:17:18.0906 2952 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

11:17:18.0921 2952 SDWSCService - ok

11:17:19.0187 2952 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:17:19.0203 2952 Secdrv - ok

11:17:19.0218 2952 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

11:17:19.0218 2952 seclogon - ok

11:17:19.0312 2952 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

11:17:19.0312 2952 SENS - ok

11:17:19.0421 2952 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

11:17:19.0421 2952 serenum - ok

11:17:19.0468 2952 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

11:17:19.0484 2952 Serial - ok

11:17:19.0484 2952 SetupNTGLM7X - ok

11:17:19.0500 2952 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

11:17:19.0500 2952 Sfloppy - ok

11:17:19.0703 2952 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll

11:17:19.0703 2952 SharedAccess - ok

11:17:19.0750 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

11:17:19.0750 2952 ShellHWDetection - ok

11:17:19.0750 2952 Simbad - ok

11:17:19.0765 2952 Sparrow - ok

11:17:19.0781 2952 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

11:17:19.0781 2952 splitter - ok

11:17:19.0796 2952 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

11:17:19.0812 2952 Spooler - ok

11:17:19.0843 2952 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys

11:17:19.0843 2952 sr - ok

11:17:19.0875 2952 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll

11:17:19.0875 2952 srservice - ok

11:17:19.0906 2952 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys

11:17:19.0906 2952 Srv - ok

11:17:19.0921 2952 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll

11:17:19.0921 2952 SSDPSRV - ok

11:17:19.0968 2952 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll

11:17:19.0984 2952 stisvc - ok

11:17:20.0000 2952 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys

11:17:20.0000 2952 swenum - ok

11:17:20.0015 2952 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys

11:17:20.0015 2952 swmidi - ok

11:17:20.0015 2952 SwPrv - ok

11:17:20.0015 2952 symc810 - ok

11:17:20.0031 2952 symc8xx - ok

11:17:20.0031 2952 sym_hi - ok

11:17:20.0031 2952 sym_u3 - ok

11:17:20.0031 2952 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys

11:17:20.0031 2952 sysaudio - ok

11:17:20.0046 2952 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe

11:17:20.0046 2952 SysmonLog - ok

11:17:20.0062 2952 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll

11:17:20.0078 2952 TapiSrv - ok

11:17:20.0109 2952 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:17:20.0109 2952 Tcpip - ok

11:17:20.0125 2952 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys

11:17:20.0140 2952 TDPIPE - ok

11:17:20.0156 2952 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys

11:17:20.0156 2952 TDTCP - ok

11:17:20.0171 2952 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys

11:17:20.0171 2952 TermDD - ok

11:17:20.0218 2952 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll

11:17:20.0234 2952 TermService - ok

11:17:20.0234 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll

11:17:20.0234 2952 Themes - ok

11:17:20.0250 2952 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe

11:17:20.0250 2952 TlntSvr - ok

11:17:20.0281 2952 [ D0B08F941C0B06846533C6A38DD09B22 ] tmactmon C:\WINDOWS\system32\DRIVERS\tmactmon.sys

11:17:20.0281 2952 tmactmon - ok

11:17:20.0421 2952 [ 0C9ACEF23B537D6E8B1373C98D066B1C ] tmcomm C:\WINDOWS\system32\DRIVERS\tmcomm.sys

11:17:20.0421 2952 tmcomm - ok

11:17:20.0437 2952 [ 21992E703051934DCFA6D1477B12FC41 ] TMEBC C:\WINDOWS\system32\DRIVERS\TMEBC32.sys

11:17:20.0437 2952 TMEBC - ok

11:17:20.0453 2952 [ 7AC66D3A5BA87C6CD16B457A3786DF64 ] tmeext C:\WINDOWS\system32\DRIVERS\tmeext.sys

11:17:20.0453 2952 tmeext - ok

11:17:20.0468 2952 [ 63828FBD740F178DE2E2D42C3136FDEE ] tmevtmgr C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys

11:17:20.0468 2952 tmevtmgr - ok

11:17:20.0468 2952 [ 0C40396F071A8092964C8DC951F62B17 ] tmnciesc C:\WINDOWS\system32\DRIVERS\tmnciesc.sys

11:17:20.0484 2952 tmnciesc - ok

11:17:20.0500 2952 [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys

11:17:20.0500 2952 tmtdi - ok

11:17:20.0500 2952 TosIde - ok

11:17:20.0515 2952 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll

11:17:20.0515 2952 TrkWks - ok

11:17:20.0671 2952 [ 118EDC3E712FF83CE25612081A69075D ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

11:17:20.0687 2952 TuneUp.UtilitiesSvc - ok

11:17:20.0687 2952 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys

11:17:20.0703 2952 TuneUpUtilitiesDrv - ok

11:17:20.0718 2952 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys

11:17:20.0718 2952 Udfs - ok

11:17:20.0718 2952 ultra - ok

11:17:20.0828 2952 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys

11:17:20.0828 2952 Update - ok

11:17:20.0859 2952 [ 3F9A3232E5F942874488981F3242C989 ] UPHClean C:\Program Files\UPHClean\uphclean.exe

11:17:20.0859 2952 UPHClean - ok

11:17:20.0875 2952 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll

11:17:20.0875 2952 upnphost - ok

11:17:20.0890 2952 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe

11:17:20.0906 2952 UPS - ok

11:17:20.0921 2952 [ CB41CD653916362CA5ECD242382A156E ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys

11:17:20.0921 2952 UrlFilter - ok

11:17:20.0937 2952 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:17:20.0937 2952 usbccgp - ok

11:17:20.0953 2952 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:17:20.0953 2952 usbehci - ok

11:17:20.0968 2952 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:17:20.0968 2952 usbhub - ok

11:17:20.0984 2952 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys

11:17:20.0984 2952 usbprint - ok

11:17:21.0000 2952 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:17:21.0000 2952 USBSTOR - ok

11:17:21.0015 2952 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:17:21.0015 2952 usbuhci - ok

11:17:21.0046 2952 [ 24F51FBA322F06A3E336C301025D6D12 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll

11:17:21.0046 2952 UxTuneUp - ok

11:17:21.0062 2952 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys

11:17:21.0062 2952 VgaSave - ok

11:17:21.0062 2952 ViaIde - ok

11:17:21.0093 2952 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys

11:17:21.0109 2952 VolSnap - ok

11:17:21.0218 2952 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe

11:17:21.0234 2952 VSS - ok

11:17:21.0359 2952 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

11:17:21.0359 2952 vToolbarUpdater13.2.0 - ok

11:17:21.0437 2952 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll

11:17:21.0437 2952 W32Time - ok

11:17:21.0453 2952 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:17:21.0453 2952 Wanarp - ok

11:17:21.0453 2952 WDICA - ok

11:17:21.0484 2952 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys

11:17:21.0484 2952 wdmaud - ok

11:17:21.0515 2952 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll

11:17:21.0515 2952 WebClient - ok

11:17:21.0562 2952 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll

11:17:21.0562 2952 winmgmt - ok

11:17:21.0593 2952 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll

11:17:21.0609 2952 WinRM - ok

11:17:21.0625 2952 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll

11:17:21.0640 2952 WmdmPmSN - ok

11:17:21.0687 2952 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll

11:17:21.0687 2952 Wmi - ok

11:17:21.0703 2952 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

11:17:21.0718 2952 WmiApSrv - ok

11:17:21.0765 2952 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

11:17:21.0796 2952 WMPNetworkSvc - ok

11:17:21.0859 2952 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

11:17:21.0875 2952 WPFFontCache_v0400 - ok

11:17:21.0921 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys

11:17:21.0921 2952 WsAudio_DeviceS(1) - ok

11:17:21.0937 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys

11:17:21.0937 2952 WsAudio_DeviceS(2) - ok

11:17:21.0953 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys

11:17:21.0953 2952 WsAudio_DeviceS(3) - ok

11:17:21.0968 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys

11:17:21.0984 2952 WsAudio_DeviceS(4) - ok

11:17:22.0000 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys

11:17:22.0000 2952 WsAudio_DeviceS(5) - ok

11:17:22.0015 2952 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll

11:17:22.0031 2952 wscsvc - ok

11:17:22.0046 2952 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

11:17:22.0046 2952 wuauserv - ok

11:17:22.0062 2952 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys

11:17:22.0062 2952 WudfPf - ok

11:17:22.0062 2952 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys

11:17:22.0062 2952 WudfRd - ok

11:17:22.0078 2952 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll

11:17:22.0109 2952 WudfSvc - ok

11:17:22.0187 2952 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

11:17:22.0187 2952 WZCSVC - ok

11:17:22.0203 2952 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

11:17:22.0218 2952 xmlprov - ok

11:17:22.0218 2952 ================ Scan global ===============================

11:17:22.0234 2952 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

11:17:22.0250 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

11:17:22.0265 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

11:17:22.0281 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

11:17:22.0281 2952 [Global] - ok

11:17:22.0281 2952 ================ Scan MBR ==================================

11:17:22.0296 2952 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

11:17:22.0781 2952 \Device\Harddisk0\DR0 - ok

11:17:22.0796 2952 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

11:17:23.0015 2952 \Device\Harddisk1\DR1 - ok

11:17:23.0015 2952 ================ Scan VBR ==================================

11:17:23.0015 2952 [ C593EAFFA0EC925B070596C4D76C0F8A ] \Device\Harddisk0\DR0\Partition1

11:17:23.0015 2952 \Device\Harddisk0\DR0\Partition1 - ok

11:17:23.0015 2952 [ C86D8448686A33EF77E5B847E8C484A9 ] \Device\Harddisk1\DR1\Partition1

11:17:23.0015 2952 \Device\Harddisk1\DR1\Partition1 - ok

11:17:23.0015 2952 ================ Scan active images ========================

11:17:23.0015 2952 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys

11:17:23.0015 2952 C:\WINDOWS\system32\drivers\intelppm.sys - ok

11:17:23.0015 2952 [ ED9816DBAF6689542EA7D022631906A1 ] C:\WINDOWS\system32\drivers\nv4_mini.sys

11:17:23.0015 2952 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok

11:17:23.0031 2952 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\videoprt.sys - ok

11:17:23.0031 2952 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbport.sys - ok

11:17:23.0031 2952 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbuhci.sys - ok

11:17:23.0031 2952 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbehci.sys - ok

11:17:23.0031 2952 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok

11:17:23.0031 2952 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\cdrom.sys - ok

11:17:23.0031 2952 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\ks.sys - ok

11:17:23.0031 2952 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\imapi.sys - ok

11:17:23.0031 2952 [ F43673D97B9DF66999C3DFA6E538EF5B ] C:\WINDOWS\system32\drivers\l151x86.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\l151x86.sys - ok

11:17:23.0031 2952 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\redbook.sys - ok

11:17:23.0031 2952 [ D48659BB24C48345D926ECB45C1EBDF5 ] C:\WINDOWS\system32\drivers\ASACPI.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\ASACPI.sys - ok

11:17:23.0031 2952 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\fdc.sys - ok

11:17:23.0031 2952 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys

11:17:23.0031 2952 C:\WINDOWS\system32\drivers\i8042prt.sys - ok

11:17:23.0046 2952 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys

11:17:23.0046 2952 C:\WINDOWS\system32\drivers\serenum.sys - ok

11:17:23.0046 2952 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys

11:17:23.0046 2952 C:\WINDOWS\system32\drivers\serial.sys - ok

11:17:23.0046 2952 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys

11:17:23.0046 2952 C:\WINDOWS\system32\drivers\audstub.sys - ok

11:17:23.0046 2952 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys

11:17:23.0046 2952 C:\WINDOWS\system32\drivers\kbdclass.sys - ok

11:17:23.0046 2952 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys

11:17:23.0046 2952 C:\WINDOWS\system32\drivers\ndistapi.sys - ok

11:17:23.0046 2952 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys

11:17:23.0046 2952 C:\WINDOWS\system32\drivers\ndiswan.sys - ok

11:17:23.0046 2952 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys

11:17:23.0046 2952 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok

11:17:23.0046 2952 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys

11:17:23.0046 2952 C:\WINDOWS\system32\drivers\raspppoe.sys - ok

11:17:23.0046 2952 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys

11:17:23.0046 2952 C:\WINDOWS\system32\drivers\msgpc.sys - ok

11:17:23.0046 2952 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys

11:17:23.0046 2952 C:\WINDOWS\system32\drivers\psched.sys - ok

11:17:23.0046 2952 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys

11:17:23.0046 2952 C:\WINDOWS\system32\drivers\raspptp.sys - ok

11:17:23.0062 2952 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\tdi.sys - ok

11:17:23.0062 2952 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\ptilink.sys - ok

11:17:23.0062 2952 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\raspti.sys - ok

11:17:23.0062 2952 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\rdpdr.sys - ok

11:17:23.0062 2952 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\mouclass.sys - ok

11:17:23.0062 2952 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\swenum.sys - ok

11:17:23.0062 2952 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\termdd.sys - ok

11:17:23.0062 2952 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\update.sys - ok

11:17:23.0062 2952 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\mssmbios.sys - ok

11:17:23.0062 2952 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\ndproxy.sys - ok

11:17:23.0062 2952 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\usbd.sys - ok

11:17:23.0062 2952 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys

11:17:23.0062 2952 C:\WINDOWS\system32\drivers\usbhub.sys - ok

11:17:23.0078 2952 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\drmk.sys - ok

11:17:23.0078 2952 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\portcls.sys - ok

11:17:23.0078 2952 [ 976BFBACF0099565B14810D4840CFC6F ] C:\WINDOWS\system32\drivers\RtkHDAud.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok

11:17:23.0078 2952 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\flpydisk.sys - ok

11:17:23.0078 2952 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] C:\WINDOWS\system32\drivers\avgtpx86.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\avgtpx86.sys - ok

11:17:23.0078 2952 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\beep.sys - ok

11:17:23.0078 2952 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\cdaudio.sys - ok

11:17:23.0078 2952 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\fs_rec.sys - ok

11:17:23.0078 2952 [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\hidparse.sys - ok

11:17:23.0078 2952 [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\kbdhid.sys - ok

11:17:23.0078 2952 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\null.sys - ok

11:17:23.0078 2952 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys

11:17:23.0078 2952 C:\WINDOWS\system32\drivers\sfloppy.sys - ok

11:17:23.0093 2952 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys

11:17:23.0093 2952 C:\WINDOWS\system32\drivers\vga.sys - ok

11:17:23.0093 2952 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys

11:17:23.0093 2952 C:\WINDOWS\system32\drivers\mnmdd.sys - ok

11:17:23.0093 2952 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys

11:17:23.0093 2952 C:\WINDOWS\system32\drivers\msfs.sys - ok

11:17:23.0093 2952 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys

11:17:23.0093 2952 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok

11:17:23.0093 2952 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys

11:17:23.0093 2952 C:\WINDOWS\system32\drivers\ipsec.sys - ok

11:17:23.0093 2952 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys

11:17:23.0093 2952 C:\WINDOWS\system32\drivers\netbt.sys - ok

11:17:23.0093 2952 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys

11:17:23.0093 2952 C:\WINDOWS\system32\drivers\npfs.sys - ok

11:17:23.0093 2952 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys

11:17:23.0093 2952 C:\WINDOWS\system32\drivers\rasacd.sys - ok

11:17:23.0093 2952 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys

11:17:23.0093 2952 C:\WINDOWS\system32\drivers\tcpip.sys - ok

11:17:23.0093 2952 [ 7AC66D3A5BA87C6CD16B457A3786DF64 ] C:\WINDOWS\system32\drivers\tmeext.sys

11:17:23.0093 2952 C:\WINDOWS\system32\drivers\tmeext.sys - ok

11:17:23.0093 2952 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys

11:17:23.0093 2952 C:\WINDOWS\system32\drivers\afd.sys - ok

11:17:23.0109 2952 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys

11:17:23.0109 2952 C:\WINDOWS\system32\drivers\ipnat.sys - ok

11:17:23.0109 2952 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys

11:17:23.0109 2952 C:\WINDOWS\system32\drivers\netbios.sys - ok

11:17:23.0109 2952 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys

11:17:23.0109 2952 C:\WINDOWS\system32\drivers\wanarp.sys - ok

11:17:23.0109 2952 [ 0C9ACEF23B537D6E8B1373C98D066B1C ] C:\WINDOWS\system32\drivers\tmcomm.sys

11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmcomm.sys - ok

11:17:23.0109 2952 [ 63828FBD740F178DE2E2D42C3136FDEE ] C:\WINDOWS\system32\drivers\tmevtmgr.sys

11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmevtmgr.sys - ok

11:17:23.0109 2952 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys

11:17:23.0109 2952 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok

11:17:23.0109 2952 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys

11:17:23.0109 2952 C:\WINDOWS\system32\drivers\rdbss.sys - ok

11:17:23.0109 2952 [ D0B08F941C0B06846533C6A38DD09B22 ] C:\WINDOWS\system32\drivers\tmactmon.sys

11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmactmon.sys - ok

11:17:23.0109 2952 [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] C:\WINDOWS\system32\drivers\tmtdi.sys

11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmtdi.sys - ok

11:17:23.0109 2952 [ 663F2FB92608073824EE3106886120F3 ] C:\WINDOWS\system32\drivers\AsIO.sys

11:17:23.0109 2952 C:\WINDOWS\system32\drivers\AsIO.sys - ok

11:17:23.0109 2952 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys

11:17:23.0109 2952 C:\WINDOWS\system32\drivers\fips.sys - ok

11:17:23.0109 2952 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe

11:17:23.0109 2952 C:\WINDOWS\system32\smss.exe - ok

11:17:23.0109 2952 [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll

11:17:23.0109 2952 C:\WINDOWS\system32\ntdll.dll - ok

11:17:23.0125 2952 [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll

11:17:23.0125 2952 C:\WINDOWS\system32\sfcfiles.dll - ok

11:17:23.0125 2952 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys

11:17:23.0125 2952 C:\WINDOWS\system32\drivers\cdfs.sys - ok

11:17:23.0125 2952 [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys

11:17:23.0125 2952 C:\WINDOWS\system32\drivers\usbccgp.sys - ok

11:17:23.0125 2952 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys

11:17:23.0125 2952 C:\WINDOWS\system32\drivers\hidclass.sys - ok

11:17:23.0125 2952 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys

11:17:23.0125 2952 C:\WINDOWS\system32\drivers\hidusb.sys - ok

11:17:23.0125 2952 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys

11:17:23.0125 2952 C:\WINDOWS\system32\drivers\mouhid.sys - ok

11:17:23.0125 2952 [ ABCB05CCDBF03000354B9553820E39F8 ] C:\WINDOWS\system32\drivers\HPZius12.sys

11:17:23.0125 2952 C:\WINDOWS\system32\drivers\HPZius12.sys - ok

11:17:23.0125 2952 [ A717C8721046828520C9EDF31288FC00 ] C:\WINDOWS\system32\drivers\usbprint.sys

11:17:23.0125 2952 C:\WINDOWS\system32\drivers\usbprint.sys - ok

11:17:23.0125 2952 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] C:\WINDOWS\system32\drivers\HPZid412.sys

11:17:23.0125 2952 C:\WINDOWS\system32\drivers\HPZid412.sys - ok

11:17:23.0140 2952 [ 89F41658929393487B6B7D13C8528CE3 ] C:\WINDOWS\system32\drivers\HPZipr12.sys

11:17:23.0140 2952 C:\WINDOWS\system32\drivers\HPZipr12.sys - ok

11:17:23.0140 2952 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys

11:17:23.0140 2952 C:\WINDOWS\system32\drivers\dxapi.sys - ok

11:17:23.0140 2952 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys

11:17:23.0140 2952 C:\WINDOWS\system32\watchdog.sys - ok

11:17:23.0140 2952 [ F984CAE54E536681B209F7816D8F68DA ] C:\WINDOWS\system32\win32k.sys

11:17:23.0140 2952 C:\WINDOWS\system32\win32k.sys - ok

11:17:23.0140 2952 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

11:17:23.0140 2952 C:\WINDOWS\system32\basesrv.dll - ok

11:17:23.0140 2952 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll

11:17:23.0140 2952 C:\WINDOWS\system32\csrsrv.dll - ok

11:17:23.0140 2952 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe

11:17:23.0140 2952 C:\WINDOWS\system32\csrss.exe - ok

11:17:23.0140 2952 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll

11:17:23.0140 2952 C:\WINDOWS\system32\gdi32.dll - ok

11:17:23.0140 2952 [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll

11:17:23.0140 2952 C:\WINDOWS\system32\kernel32.dll - ok

11:17:23.0140 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

11:17:23.0140 2952 C:\WINDOWS\system32\winsrv.dll - ok

11:17:23.0140 2952 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll

11:17:23.0140 2952 C:\WINDOWS\system32\user32.dll - ok

11:17:23.0140 2952 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys

11:17:23.0140 2952 C:\WINDOWS\system32\drivers\dxg.sys - ok

11:17:23.0156 2952 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys

11:17:23.0156 2952 C:\WINDOWS\system32\drivers\dxgthk.sys - ok

11:17:23.0156 2952 [ 2C9A151701878E18563447EB2C2B0516 ] C:\WINDOWS\system32\nv4_disp.dll

11:17:23.0156 2952 C:\WINDOWS\system32\nv4_disp.dll - ok

11:17:23.0156 2952 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll

11:17:23.0156 2952 C:\WINDOWS\system32\vga.dll - ok

11:17:23.0156 2952 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe

11:17:23.0156 2952 C:\WINDOWS\system32\winlogon.exe - ok

11:17:23.0156 2952 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll

11:17:23.0156 2952 C:\WINDOWS\system32\advapi32.dll - ok

11:17:23.0156 2952 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll

11:17:23.0156 2952 C:\WINDOWS\system32\rpcrt4.dll - ok

11:17:23.0156 2952 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll

11:17:23.0156 2952 C:\WINDOWS\system32\authz.dll - ok

11:17:23.0156 2952 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll

11:17:23.0156 2952 C:\WINDOWS\system32\secur32.dll - ok

11:17:23.0156 2952 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll

11:17:23.0156 2952 C:\WINDOWS\system32\crypt32.dll - ok

11:17:23.0156 2952 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll

11:17:23.0156 2952 C:\WINDOWS\system32\msvcrt.dll - ok

11:17:23.0156 2952 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll

11:17:23.0156 2952 C:\WINDOWS\system32\msasn1.dll - ok

11:17:23.0156 2952 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll

11:17:23.0156 2952 C:\WINDOWS\system32\nddeapi.dll - ok

11:17:23.0171 2952 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll

11:17:23.0171 2952 C:\WINDOWS\system32\profmap.dll - ok

11:17:23.0171 2952 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll

11:17:23.0171 2952 C:\WINDOWS\system32\netapi32.dll - ok

11:17:23.0171 2952 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll

11:17:23.0171 2952 C:\WINDOWS\system32\userenv.dll - ok

11:17:23.0171 2952 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll

11:17:23.0171 2952 C:\WINDOWS\system32\psapi.dll - ok

11:17:23.0171 2952 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll

11:17:23.0171 2952 C:\WINDOWS\system32\regapi.dll - ok

11:17:23.0171 2952 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll

11:17:23.0171 2952 C:\WINDOWS\system32\setupapi.dll - ok

11:17:23.0171 2952 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll

11:17:23.0171 2952 C:\WINDOWS\system32\version.dll - ok

Link to post
Share on other sites

11:17:23.0171 2952 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll

11:17:23.0171 2952 C:\WINDOWS\system32\imagehlp.dll - ok

11:17:23.0171 2952 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll

11:17:23.0171 2952 C:\WINDOWS\system32\winsta.dll - ok

11:17:23.0171 2952 [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll

11:17:23.0171 2952 C:\WINDOWS\system32\wintrust.dll - ok

11:17:23.0171 2952 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll

11:17:23.0171 2952 C:\WINDOWS\system32\ws2help.dll - ok

11:17:23.0171 2952 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll

11:17:23.0171 2952 C:\WINDOWS\system32\ws2_32.dll - ok

11:17:23.0187 2952 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll

11:17:23.0187 2952 C:\WINDOWS\system32\imm32.dll - ok

11:17:23.0187 2952 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll

11:17:23.0187 2952 C:\WINDOWS\system32\kbdus.dll - ok

11:17:23.0187 2952 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll

11:17:23.0187 2952 C:\WINDOWS\system32\msgina.dll - ok

11:17:23.0187 2952 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll

11:17:23.0187 2952 C:\WINDOWS\system32\comctl32.dll - ok

11:17:23.0187 2952 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll

11:17:23.0187 2952 C:\WINDOWS\system32\comdlg32.dll - ok

11:17:23.0187 2952 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll

11:17:23.0187 2952 C:\WINDOWS\system32\odbc32.dll - ok

11:17:23.0187 2952 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll

11:17:23.0187 2952 C:\WINDOWS\system32\shell32.dll - ok

11:17:23.0187 2952 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll

11:17:23.0187 2952 C:\WINDOWS\system32\shlwapi.dll - ok

11:17:23.0187 2952 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll

11:17:23.0187 2952 C:\WINDOWS\system32\sxs.dll - ok

11:17:23.0187 2952 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

11:17:23.0187 2952 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok

11:17:23.0187 2952 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll

11:17:23.0187 2952 C:\WINDOWS\system32\odbcint.dll - ok

11:17:23.0187 2952 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll

11:17:23.0187 2952 C:\WINDOWS\system32\sfc.dll - ok

11:17:23.0203 2952 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll

11:17:23.0203 2952 C:\WINDOWS\system32\sfc_os.dll - ok

11:17:23.0203 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll

11:17:23.0203 2952 C:\WINDOWS\system32\shsvcs.dll - ok

11:17:23.0203 2952 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll

11:17:23.0203 2952 C:\WINDOWS\system32\ole32.dll - ok

11:17:23.0203 2952 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll

11:17:23.0203 2952 C:\WINDOWS\system32\apphelp.dll - ok

11:17:23.0203 2952 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll

11:17:23.0203 2952 C:\WINDOWS\system32\lsasrv.dll - ok

11:17:23.0203 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe

11:17:23.0203 2952 C:\WINDOWS\system32\lsass.exe - ok

11:17:23.0203 2952 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll

11:17:23.0203 2952 C:\WINDOWS\system32\ncobjapi.dll - ok

11:17:23.0203 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

11:17:23.0203 2952 C:\WINDOWS\system32\services.exe - ok

11:17:23.0203 2952 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll

11:17:23.0203 2952 C:\WINDOWS\system32\msvcp60.dll - ok

11:17:23.0203 2952 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll

11:17:23.0203 2952 C:\WINDOWS\system32\mpr.dll - ok

11:17:23.0203 2952 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll

11:17:23.0203 2952 C:\WINDOWS\system32\scesrv.dll - ok

11:17:23.0203 2952 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll

11:17:23.0203 2952 C:\WINDOWS\system32\ntdsapi.dll - ok

11:17:23.0218 2952 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll

11:17:23.0218 2952 C:\WINDOWS\system32\umpnpmgr.dll - ok

11:17:23.0218 2952 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll

11:17:23.0218 2952 C:\WINDOWS\system32\dnsapi.dll - ok

11:17:23.0218 2952 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll

11:17:23.0218 2952 C:\WINDOWS\system32\shimeng.dll - ok

11:17:23.0218 2952 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll

11:17:23.0218 2952 C:\WINDOWS\system32\wldap32.dll - ok

11:17:23.0218 2952 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll

11:17:23.0218 2952 C:\WINDOWS\AppPatch\acadproc.dll - ok

11:17:23.0218 2952 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll

11:17:23.0218 2952 C:\WINDOWS\system32\samlib.dll - ok

11:17:23.0218 2952 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll

11:17:23.0218 2952 C:\WINDOWS\system32\samsrv.dll - ok

11:17:23.0218 2952 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll

11:17:23.0218 2952 C:\WINDOWS\system32\cryptdll.dll - ok

11:17:23.0218 2952 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll

11:17:23.0218 2952 C:\WINDOWS\AppPatch\acgenral.dll - ok

11:17:23.0218 2952 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll

11:17:23.0218 2952 C:\WINDOWS\system32\oleaut32.dll - ok

11:17:23.0218 2952 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll

11:17:23.0218 2952 C:\WINDOWS\system32\winmm.dll - ok

11:17:23.0218 2952 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll

11:17:23.0218 2952 C:\WINDOWS\system32\msacm32.dll - ok

11:17:23.0234 2952 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll

11:17:23.0234 2952 C:\WINDOWS\system32\uxtheme.dll - ok

11:17:23.0234 2952 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll

11:17:23.0234 2952 C:\WINDOWS\system32\msapsspc.dll - ok

11:17:23.0234 2952 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll

11:17:23.0234 2952 C:\WINDOWS\system32\msvcrt40.dll - ok

11:17:23.0234 2952 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll

11:17:23.0234 2952 C:\WINDOWS\system32\schannel.dll - ok

11:17:23.0234 2952 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll

11:17:23.0234 2952 C:\WINDOWS\system32\digest.dll - ok

11:17:23.0234 2952 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll

11:17:23.0234 2952 C:\WINDOWS\system32\msnsspc.dll - ok

11:17:23.0234 2952 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll

11:17:23.0234 2952 C:\WINDOWS\system32\kerberos.dll - ok

11:17:23.0234 2952 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime

11:17:23.0234 2952 C:\WINDOWS\system32\msctfime.ime - ok

11:17:23.0234 2952 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll

11:17:23.0234 2952 C:\WINDOWS\system32\msprivs.dll - ok

11:17:23.0234 2952 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll

11:17:23.0234 2952 C:\WINDOWS\system32\msv1_0.dll - ok

11:17:23.0234 2952 [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll

11:17:23.0234 2952 C:\WINDOWS\system32\atmfd.dll - ok

11:17:23.0234 2952 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll

11:17:23.0234 2952 C:\WINDOWS\system32\iphlpapi.dll - ok

11:17:23.0250 2952 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll

11:17:23.0250 2952 C:\WINDOWS\system32\netlogon.dll - ok

11:17:23.0250 2952 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll

11:17:23.0250 2952 C:\WINDOWS\system32\w32time.dll - ok

11:17:23.0250 2952 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll

11:17:23.0250 2952 C:\WINDOWS\system32\wdigest.dll - ok

11:17:23.0250 2952 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll

11:17:23.0250 2952 C:\WINDOWS\system32\rsaenh.dll - ok

11:17:23.0250 2952 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll

11:17:23.0250 2952 C:\WINDOWS\system32\winscard.dll - ok

11:17:23.0250 2952 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll

11:17:23.0250 2952 C:\WINDOWS\system32\wtsapi32.dll - ok

11:17:23.0250 2952 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll

11:17:23.0250 2952 C:\WINDOWS\system32\scecli.dll - ok

11:17:23.0250 2952 [ 993F7B0BA5188A0007C085AA10257B8E ] C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

11:17:23.0250 2952 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe - ok

11:17:23.0250 2952 [ 26AA77FC855DC49E3FFD98BFB38904BE ] C:\Program Files\IObit\Advanced SystemCare 6\rtl120.bpl

11:17:23.0250 2952 C:\Program Files\IObit\Advanced SystemCare 6\rtl120.bpl - ok

11:17:23.0250 2952 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll

11:17:23.0250 2952 C:\WINDOWS\system32\oleacc.dll - ok

11:17:23.0250 2952 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll

11:17:23.0250 2952 C:\WINDOWS\system32\wsock32.dll - ok

11:17:23.0265 2952 [ B10E3287B7CB1060CD70B51B079A354D ] C:\Program Files\IObit\Advanced SystemCare 6\vcl120.bpl

11:17:23.0265 2952 C:\Program Files\IObit\Advanced SystemCare 6\vcl120.bpl - ok

11:17:23.0265 2952 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll

11:17:23.0265 2952 C:\WINDOWS\system32\msimg32.dll - ok

11:17:23.0265 2952 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv

11:17:23.0265 2952 C:\WINDOWS\system32\winspool.drv - ok

11:17:23.0265 2952 [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll

11:17:23.0265 2952 C:\WINDOWS\system32\oledlg.dll - ok

11:17:23.0265 2952 [ A2322C6207EBB0761A6C8CC9003EBACF ] C:\WINDOWS\system32\nvsvc32.exe

11:17:23.0265 2952 C:\WINDOWS\system32\nvsvc32.exe - ok

11:17:23.0265 2952 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll

11:17:23.0265 2952 C:\WINDOWS\system32\powrprof.dll - ok

11:17:23.0265 2952 [ 58A517026E5C8674A70B9B6650691EFE ] C:\WINDOWS\system32\nvcpl.dll

11:17:23.0265 2952 C:\WINDOWS\system32\nvcpl.dll - ok

11:17:23.0265 2952 [ 6A65DA7325CF33ACAA112DC2F70B0934 ] C:\WINDOWS\system32\nvapi.dll

11:17:23.0265 2952 C:\WINDOWS\system32\nvapi.dll - ok

11:17:23.0265 2952 [ 0AD786CEEFBD6D51B7D35788D83857B9 ] C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll

11:17:23.0265 2952 C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll - ok

11:17:23.0265 2952 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe

11:17:23.0265 2952 C:\WINDOWS\system32\logonui.exe - ok

11:17:23.0281 2952 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll

11:17:23.0281 2952 C:\WINDOWS\system32\duser.dll - ok

11:17:23.0281 2952 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll

11:17:23.0281 2952 C:\WINDOWS\system32\clbcatq.dll - ok

11:17:23.0281 2952 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll

11:17:23.0281 2952 C:\WINDOWS\system32\comres.dll - ok

11:17:23.0281 2952 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll

11:17:23.0281 2952 C:\WINDOWS\system32\shgina.dll - ok

11:17:23.0281 2952 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe

11:17:23.0281 2952 C:\WINDOWS\system32\svchost.exe - ok

11:17:23.0281 2952 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll

11:17:23.0281 2952 C:\WINDOWS\system32\ntmarta.dll - ok

11:17:23.0281 2952 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll

11:17:23.0281 2952 C:\WINDOWS\system32\rpcss.dll - ok

11:17:23.0281 2952 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll

11:17:23.0281 2952 C:\WINDOWS\system32\xpsp2res.dll - ok

11:17:23.0281 2952 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll

11:17:23.0281 2952 C:\WINDOWS\system32\eventlog.dll - ok

11:17:23.0281 2952 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll

11:17:23.0281 2952 C:\WINDOWS\system32\mswsock.dll - ok

11:17:23.0296 2952 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll

11:17:23.0296 2952 C:\WINDOWS\system32\hnetcfg.dll - ok

11:17:23.0296 2952 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll

11:17:23.0296 2952 C:\WINDOWS\system32\winrnr.dll - ok

11:17:23.0296 2952 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll

11:17:23.0296 2952 C:\WINDOWS\system32\wshtcpip.dll - ok

11:17:23.0296 2952 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll

11:17:23.0296 2952 C:\WINDOWS\system32\rasadhlp.dll - ok

11:17:23.0296 2952 [ 24F51FBA322F06A3E336C301025D6D12 ] C:\WINDOWS\system32\uxtuneup.dll

11:17:23.0296 2952 C:\WINDOWS\system32\uxtuneup.dll - ok

11:17:23.0296 2952 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll

11:17:23.0296 2952 C:\WINDOWS\system32\dbghelp.dll - ok

11:17:23.0296 2952 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys

11:17:23.0296 2952 C:\WINDOWS\system32\drivers\ndisuio.sys - ok

11:17:23.0296 2952 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll

11:17:23.0296 2952 C:\WINDOWS\system32\dhcpcsvc.dll - ok

11:17:23.0296 2952 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll

11:17:23.0296 2952 C:\WINDOWS\system32\cscdll.dll - ok

11:17:23.0296 2952 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll

11:17:23.0296 2952 C:\WINDOWS\system32\dimsntfy.dll - ok

11:17:23.0296 2952 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll

11:17:23.0296 2952 C:\WINDOWS\system32\dnsrslvr.dll - ok

11:17:23.0296 2952 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll

11:17:23.0296 2952 C:\WINDOWS\system32\wzcsvc.dll - ok

11:17:23.0312 2952 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll

11:17:23.0312 2952 C:\WINDOWS\system32\wlnotify.dll - ok

11:17:23.0312 2952 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll

11:17:23.0312 2952 C:\WINDOWS\system32\rtutils.dll - ok

11:17:23.0312 2952 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll

11:17:23.0312 2952 C:\WINDOWS\system32\wmi.dll - ok

11:17:23.0312 2952 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll

11:17:23.0312 2952 C:\WINDOWS\system32\eapolqec.dll - ok

11:17:23.0312 2952 [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll

11:17:23.0312 2952 C:\WINDOWS\system32\WgaLogon.dll - ok

11:17:23.0312 2952 [ 72F2CFC7653FB5ABB85789D28E26A643 ] C:\WINDOWS\system32\atl.dll

11:17:23.0312 2952 C:\WINDOWS\system32\atl.dll - ok

11:17:23.0312 2952 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll

11:17:23.0312 2952 C:\WINDOWS\system32\qutil.dll - ok

11:17:23.0312 2952 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll

11:17:23.0312 2952 C:\WINDOWS\system32\dot3api.dll - ok

11:17:23.0312 2952 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll

11:17:23.0312 2952 C:\WINDOWS\system32\esent.dll - ok

11:17:23.0312 2952 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll

11:17:23.0312 2952 C:\WINDOWS\system32\msxml3.dll - ok

11:17:23.0312 2952 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll

11:17:23.0312 2952 C:\WINDOWS\system32\rastls.dll - ok

11:17:23.0312 2952 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll

11:17:23.0312 2952 C:\WINDOWS\system32\cryptui.dll - ok

11:17:23.0328 2952 [ 9AD88EA663124336E88EB031F917CE20 ] C:\WINDOWS\system32\wininet.dll

11:17:23.0328 2952 C:\WINDOWS\system32\wininet.dll - ok

11:17:23.0328 2952 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll

11:17:23.0328 2952 C:\WINDOWS\system32\normaliz.dll - ok

11:17:23.0328 2952 [ BCA608797A3E8EEC0094CD6D596D77D7 ] C:\WINDOWS\system32\urlmon.dll

11:17:23.0328 2952 C:\WINDOWS\system32\urlmon.dll - ok

11:17:23.0328 2952 [ 994B77915EA49A467CDA144806AE42D6 ] C:\WINDOWS\system32\iertutil.dll

11:17:23.0328 2952 C:\WINDOWS\system32\iertutil.dll - ok

11:17:23.0328 2952 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll

11:17:23.0328 2952 C:\WINDOWS\system32\mprapi.dll - ok

11:17:23.0328 2952 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll

11:17:23.0328 2952 C:\WINDOWS\system32\activeds.dll - ok

11:17:23.0328 2952 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll

11:17:23.0328 2952 C:\WINDOWS\system32\adsldpc.dll - ok

11:17:23.0328 2952 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll

11:17:23.0328 2952 C:\WINDOWS\system32\rasapi32.dll - ok

11:17:23.0328 2952 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll

11:17:23.0328 2952 C:\WINDOWS\system32\rasman.dll - ok

11:17:23.0328 2952 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll

11:17:23.0328 2952 C:\WINDOWS\system32\tapi32.dll - ok

11:17:23.0328 2952 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll

11:17:23.0328 2952 C:\WINDOWS\system32\riched20.dll - ok

11:17:23.0328 2952 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll

11:17:23.0328 2952 C:\WINDOWS\system32\raschap.dll - ok

11:17:23.0343 2952 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll

11:17:23.0343 2952 C:\WINDOWS\system32\schedsvc.dll - ok

11:17:23.0343 2952 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll

11:17:23.0343 2952 C:\WINDOWS\system32\msidle.dll - ok

11:17:23.0343 2952 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll

11:17:23.0343 2952 C:\WINDOWS\system32\cscui.dll - ok

11:17:23.0343 2952 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe

11:17:23.0343 2952 C:\WINDOWS\system32\spoolsv.exe - ok

11:17:23.0343 2952 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll

11:17:23.0343 2952 C:\WINDOWS\system32\audiosrv.dll - ok

11:17:23.0343 2952 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll

11:17:23.0343 2952 C:\WINDOWS\system32\dpcdll.dll - ok

11:17:23.0343 2952 [ 8AE99EBE30E8338907361018D9030835 ] C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe - ok

11:17:23.0343 2952 [ DD82EB68D97944B192C7803EB585B03C ] C:\Program Files\IObit\IObit Malware Fighter\rtl120.bpl

11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\rtl120.bpl - ok

11:17:23.0343 2952 [ 773EBD87010A6F644869A59D98792C9C ] C:\Program Files\IObit\IObit Malware Fighter\vcl120.bpl

11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\vcl120.bpl - ok

11:17:23.0343 2952 [ 8A73E259446AEADF64EA884F2BCE4E69 ] C:\Program Files\IObit\IObit Malware Fighter\datastate.dll

11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\datastate.dll - ok

11:17:23.0343 2952 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe

11:17:23.0343 2952 C:\WINDOWS\system32\userinit.exe - ok

11:17:23.0359 2952 [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe

11:17:23.0359 2952 C:\WINDOWS\system32\WgaTray.exe - ok

11:17:23.0359 2952 [ 452DB84283EB2F043827AC95D62CE19C ] C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe

11:17:23.0359 2952 C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe - ok

11:17:23.0359 2952 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe

11:17:23.0359 2952 C:\WINDOWS\explorer.exe - ok

11:17:23.0359 2952 [ 4C867B62F6100C107A3A8F5E7A10461D ] C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl

11:17:23.0359 2952 C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl - ok

11:17:23.0359 2952 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll

11:17:23.0359 2952 C:\WINDOWS\system32\browseui.dll - ok

11:17:23.0359 2952 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll

11:17:23.0359 2952 C:\WINDOWS\system32\cryptnet.dll - ok

11:17:23.0359 2952 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll

11:17:23.0359 2952 C:\WINDOWS\system32\sensapi.dll - ok

11:17:23.0359 2952 [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll

11:17:23.0359 2952 C:\WINDOWS\system32\shdocvw.dll - ok

11:17:23.0359 2952 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll

11:17:23.0359 2952 C:\WINDOWS\system32\winhttp.dll - ok

11:17:23.0359 2952 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll

11:17:23.0359 2952 C:\WINDOWS\system32\wkssvc.dll - ok

11:17:23.0359 2952 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll

11:17:23.0359 2952 C:\WINDOWS\system32\shfolder.dll - ok

11:17:23.0359 2952 [ 3307A07B81206F354F0D4BEFEE922437 ] C:\WINDOWS\system32\LegitCheckControl.DLL

11:17:23.0359 2952 C:\WINDOWS\system32\LegitCheckControl.DLL - ok

11:17:23.0359 2952 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll

11:17:23.0359 2952 C:\WINDOWS\system32\wbem\wbemprox.dll - ok

11:17:23.0375 2952 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll

11:17:23.0375 2952 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok

11:17:23.0375 2952 [ D9AF104F7E21FA859EFA3C67E5522E88 ] C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl

11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl - ok

11:17:23.0375 2952 [ 9C2543A7AC524CAA63B26A16D4E3AD39 ] C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl

11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl - ok

11:17:23.0375 2952 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl

11:17:23.0375 2952 C:\WINDOWS\system32\desk.cpl - ok

11:17:23.0375 2952 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll

11:17:23.0375 2952 C:\WINDOWS\system32\themeui.dll - ok

11:17:23.0375 2952 [ AEB9DD47B76075B05E27874384544F39 ] C:\Program Files\Spybot - Search & Destroy 2\vclie150.bpl

11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vclie150.bpl - ok

11:17:23.0375 2952 [ 5422CB64444C33F029483552A8FACE37 ] C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl

11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl - ok

11:17:23.0375 2952 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll

11:17:23.0375 2952 C:\WINDOWS\system32\actxprxy.dll - ok

11:17:23.0375 2952 [ FA27F4DF4015B22F04B5D18044A24322 ] C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl

11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl - ok

11:17:23.0375 2952 [ 0FDABB1FD68CBC557084E16B0EA2F731 ] C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl

11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl - ok

11:17:23.0375 2952 [ 105ED75F4CEE9E58152061520DAA4ABD ] C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl

11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl - ok

11:17:23.0375 2952 [ 86E99E1222E671408ED5E8618521AEEB ] C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl

11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl - ok

11:17:23.0390 2952 [ 9244E0240A1D150581C3BAA89D8AA154 ] C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl

11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl - ok

11:17:23.0390 2952 [ 4AA01BD5CC7DA9888AF33C5FAB5BF1DD ] C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl

11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl - ok

11:17:23.0390 2952 [ 8F220DCB4AA4B2A12ECE5B87C701170D ] C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl

11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl - ok

11:17:23.0390 2952 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll

11:17:23.0390 2952 C:\WINDOWS\system32\cabinet.dll - ok

11:17:23.0390 2952 [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll

11:17:23.0390 2952 C:\WINDOWS\system32\olepro32.dll - ok

11:17:23.0390 2952 [ CA3B195D98BDBBB7D50C70372CF3005F ] C:\WINDOWS\system32\jsproxy.dll

11:17:23.0390 2952 C:\WINDOWS\system32\jsproxy.dll - ok

11:17:23.0390 2952 [ 22D71D1DB6FC789A1CE8AC6963580259 ] C:\WINDOWS\system32\hhctrl.ocx

11:17:23.0390 2952 C:\WINDOWS\system32\hhctrl.ocx - ok

11:17:23.0390 2952 [ 77A54BDFBAD4604E6131AE68E3CF76D6 ] C:\WINDOWS\system32\srclient.dll

11:17:23.0390 2952 C:\WINDOWS\system32\srclient.dll - ok

11:17:23.0390 2952 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll

11:17:23.0390 2952 C:\WINDOWS\system32\wbem\framedyn.dll - ok

11:17:23.0390 2952 [ D21AB32F16E8DE67D45E5A383B5E52BA ] C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll

11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll - ok

11:17:23.0390 2952 [ B009D6171147BE129636A49C4178E487 ] C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll

11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll - ok

11:17:23.0406 2952 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll

11:17:23.0406 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok

11:17:23.0406 2952 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe

11:17:23.0406 2952 C:\WINDOWS\system32\cmd.exe - ok

11:17:23.0406 2952 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll

11:17:23.0406 2952 C:\WINDOWS\system32\mscms.dll - ok

11:17:23.0406 2952 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll

11:17:23.0406 2952 C:\WINDOWS\system32\localspl.dll - ok

11:17:23.0406 2952 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll

11:17:23.0406 2952 C:\WINDOWS\system32\spoolss.dll - ok

11:17:23.0406 2952 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll

11:17:23.0406 2952 C:\WINDOWS\system32\cnbjmon.dll - ok

11:17:23.0406 2952 [ 903C8C110131B8A71501514B61A17761 ] C:\WINDOWS\system32\ieframe.dll

11:17:23.0406 2952 C:\WINDOWS\system32\ieframe.dll - ok

11:17:23.0406 2952 [ 10F23AE633810BBE7FDA6999714BF166 ] C:\WINDOWS\system32\hpz3l43a.dll

11:17:23.0406 2952 C:\WINDOWS\system32\hpz3l43a.dll - ok

11:17:23.0406 2952 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll

11:17:23.0406 2952 C:\WINDOWS\system32\pjlmon.dll - ok

11:17:23.0406 2952 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll

11:17:23.0406 2952 C:\WINDOWS\system32\tcpmon.dll - ok

11:17:23.0406 2952 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll

11:17:23.0406 2952 C:\WINDOWS\system32\usbmon.dll - ok

11:17:23.0406 2952 [ EA1B063208E4AE322BDF3F2FA235CC9D ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll

11:17:23.0406 2952 C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll - ok

11:17:23.0406 2952 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll

11:17:23.0406 2952 C:\WINDOWS\system32\netrap.dll - ok

11:17:23.0421 2952 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll

11:17:23.0421 2952 C:\WINDOWS\system32\win32spl.dll - ok

11:17:23.0421 2952 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll

11:17:23.0421 2952 C:\WINDOWS\system32\inetpp.dll - ok

11:17:23.0421 2952 [ 6D07DF8A3B4E89B5BAC943B64F0B70D0 ] C:\WINDOWS\system32\icm32.dll

11:17:23.0421 2952 C:\WINDOWS\system32\icm32.dll - ok

11:17:23.0421 2952 [ A0E86BA4B3E56C1DC277BD7CCEC555DA ] C:\Program Files\Spybot - Search & Destroy 2\SDResources.dll

11:17:23.0421 2952 C:\Program Files\Spybot - Search & Destroy 2\SDResources.dll - ok

11:17:23.0421 2952 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys

11:17:23.0421 2952 C:\WINDOWS\system32\drivers\wdmaud.sys - ok

11:17:23.0421 2952 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv

11:17:23.0421 2952 C:\WINDOWS\system32\wdmaud.drv - ok

11:17:23.0421 2952 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys

11:17:23.0421 2952 C:\WINDOWS\system32\drivers\sysaudio.sys - ok

11:17:23.0421 2952 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys

11:17:23.0421 2952 C:\WINDOWS\system32\drivers\splitter.sys - ok

11:17:23.0421 2952 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys

11:17:23.0421 2952 C:\WINDOWS\system32\drivers\aec.sys - ok

11:17:23.0421 2952 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys

11:17:23.0421 2952 C:\WINDOWS\system32\drivers\swmidi.sys - ok

11:17:23.0421 2952 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys

11:17:23.0421 2952 C:\WINDOWS\system32\drivers\dmusic.sys - ok

11:17:23.0437 2952 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys

11:17:23.0437 2952 C:\WINDOWS\system32\drivers\kmixer.sys - ok

11:17:23.0437 2952 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys

11:17:23.0437 2952 C:\WINDOWS\system32\drivers\drmkaud.sys - ok

11:17:23.0437 2952 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll

11:17:23.0437 2952 C:\WINDOWS\system32\midimap.dll - ok

11:17:23.0437 2952 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv

11:17:23.0437 2952 C:\WINDOWS\system32\msacm32.drv - ok

11:17:23.0437 2952 [ F52603B708438E39FF38475807A01CBC ] C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe - ok

11:17:23.0437 2952 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys

11:17:23.0437 2952 C:\WINDOWS\system32\drivers\parport.sys - ok

11:17:23.0437 2952 [ 9E054D04721F4BA4ACB0C0D189C9B1CD ] C:\Program Files\Trend Micro\AMSP\utilGenericLoader.dll

11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\utilGenericLoader.dll - ok

11:17:23.0437 2952 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll

11:17:23.0437 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok

11:17:23.0437 2952 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll

11:17:23.0437 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok

11:17:23.0437 2952 [ CFBF24322AF177B3C3A81A862B4C3353 ] C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll

11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll - ok

11:17:23.0437 2952 [ 7AD47F1F78EB1AEC7D8F262878204DEC ] C:\Program Files\Trend Micro\AMSP\utilDebugLog.dll

11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\utilDebugLog.dll - ok

11:17:23.0437 2952 [ 78CD7BD82E678C0A239010D8B2FAE4FD ] C:\Program Files\Trend Micro\AMSP\utilComponentInfo.dll

11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\utilComponentInfo.dll - ok

11:17:23.0437 2952 [ DEB46802F1183A90D3E029566B690E84 ] C:\Program Files\Trend Micro\AMSP\utilInstallation.dll

11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\utilInstallation.dll - ok

11:17:23.0453 2952 [ 3F59765B24EB6770252ACC314BD69D97 ] C:\Program Files\Trend Micro\AMSP\utilMsgBuffer.dll

11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\utilMsgBuffer.dll - ok

11:17:23.0453 2952 [ 25D83BC8E4CA8C757AB648573E94B57C ] C:\Program Files\Trend Micro\AMSP\utilThread.dll

11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\utilThread.dll - ok

11:17:23.0453 2952 [ 7F9454A776CA6BFB655D8F49CA6110F6 ] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe

11:17:23.0453 2952 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe - ok

11:17:23.0453 2952 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:17:23.0453 2952 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok

11:17:23.0453 2952 [ 02AFDA1F5BFF989560B3C8BD7D8F355E ] C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe

11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe - ok

11:17:23.0453 2952 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll

11:17:23.0453 2952 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok

11:17:23.0453 2952 [ 37864FB65C85C28BB928A9972A02F186 ] C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe

11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe - ok

11:17:23.0453 2952 [ 6C15AA98FDD8731CE9560A36F5771986 ] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe

11:17:23.0453 2952 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe - ok

11:17:23.0453 2952 [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll

11:17:23.0453 2952 C:\WINDOWS\system32\mscoree.dll - ok

11:17:23.0453 2952 [ 09588529557D695FA74275AF7C69219F ] C:\Program Files\Trend Micro\AMSP\sqlite3.dll

11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\sqlite3.dll - ok

11:17:23.0453 2952 [ AB690CD34CF4B4E3DDF78FD4FBCF88C3 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll

11:17:23.0453 2952 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll - ok

11:17:23.0468 2952 [ 6C69EA6A0C308A0FB81992CAC9F39C59 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\fusion.dll

11:17:23.0468 2952 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\fusion.dll - ok

11:17:23.0468 2952 [ A52E0EBF719F379EFD178C402B1AD7BB ] C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

11:17:23.0468 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe - ok

11:17:23.0468 2952 [ 97476BB3F51FBD0A944ACC9BFAFD97D8 ] C:\Program Files\Trend Micro\AMSP\outer_AMSP_ClientLibrary.dll

11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\outer_AMSP_ClientLibrary.dll - ok

11:17:23.0468 2952 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll

11:17:23.0468 2952 C:\WINDOWS\system32\cryptsvc.dll - ok

11:17:23.0468 2952 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll

11:17:23.0468 2952 C:\WINDOWS\system32\certcli.dll - ok

11:17:23.0468 2952 [ 21095E7FAE3EC5E927F54E19CC63BA2A ] C:\Program Files\Trend Micro\AMSP\utilIPC.dll

11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\utilIPC.dll - ok

11:17:23.0468 2952 [ E2C48CD0132D4D1DC7D0DF9A6BEF686A ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll

11:17:23.0468 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll - ok

11:17:23.0468 2952 [ E1EBB4C5F1D0680EA3E4E7A77ADCA391 ] C:\Program Files\Trend Micro\AMSP\utilRPC.dll

11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\utilRPC.dll - ok

11:17:23.0468 2952 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll

11:17:23.0468 2952 C:\WINDOWS\system32\pdh.dll - ok

11:17:23.0468 2952 [ 0F3CE8CD921AC76BA344CA35921FCC90 ] C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll

11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll - ok

11:17:23.0468 2952 [ 5D13AAA8BC57278BFD45F6FC94AE74ED ] C:\Program Files\Trend Micro\AMSP\utilJsonHandle.dll

11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\utilJsonHandle.dll - ok

11:17:23.0468 2952 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll

11:17:23.0468 2952 C:\WINDOWS\system32\odbcbcp.dll - ok

11:17:23.0484 2952 [ 032320A85D15EFD4988FE4A38FF539AC ] C:\Program Files\Diskeeper Corporation\Diskeeper\PrFacade.dll

11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\PrFacade.dll - ok

11:17:23.0484 2952 [ AAED5AC724069372C3983E0E10E5D349 ] C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll

11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll - ok

11:17:23.0484 2952 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll

11:17:23.0484 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll - ok

11:17:23.0484 2952 [ 5ABF7951B2B40BBDFC6DBC895F956D17 ] C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll

11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll - ok

11:17:23.0484 2952 [ D90B1558602CCF951F7D0FB21E30723E ] C:\Program Files\Trend Micro\AMSP\instInstallationLibrary.dll

11:17:23.0484 2952 C:\Program Files\Trend Micro\AMSP\instInstallationLibrary.dll - ok

11:17:23.0484 2952 [ 49A612FBAE2FCDE6044E7F3226D2263D ] C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll

11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll - ok

11:17:23.0484 2952 [ 41EFA82C864083025ED9FF17482CBA53 ] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\utilUIProfile.dll

11:17:23.0484 2952 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\utilUIProfile.dll - ok

11:17:23.0484 2952 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll

11:17:23.0484 2952 C:\WINDOWS\system32\hid.dll - ok

11:17:23.0484 2952 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll

11:17:23.0484 2952 C:\WINDOWS\system32\hidserv.dll - ok

11:17:23.0484 2952 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] C:\WINDOWS\system32\HPZipm12.exe

11:17:23.0484 2952 C:\WINDOWS\system32\HPZipm12.exe - ok

11:17:23.0484 2952 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] C:\WINDOWS\system32\IoctlSvc.exe

11:17:23.0484 2952 C:\WINDOWS\system32\IoctlSvc.exe - ok

11:17:23.0484 2952 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll

11:17:23.0484 2952 C:\WINDOWS\system32\netman.dll - ok

11:17:23.0500 2952 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll

11:17:23.0500 2952 C:\WINDOWS\system32\ipsecsvc.dll - ok

11:17:23.0500 2952 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll

11:17:23.0500 2952 C:\WINDOWS\system32\netshell.dll - ok

11:17:23.0500 2952 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll

11:17:23.0500 2952 C:\WINDOWS\system32\oakley.dll - ok

11:17:23.0500 2952 [ 206387AB881E93A1A6EB89966C8651F1 ] C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

11:17:23.0500 2952 C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe - ok

11:17:23.0500 2952 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll

11:17:23.0500 2952 C:\WINDOWS\system32\winipsec.dll - ok

11:17:23.0500 2952 [ 95DDCEF11BA9BA30402C7FA8C893A59C ] C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll

11:17:23.0500 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll - ok

11:17:23.0500 2952 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll

11:17:23.0500 2952 C:\WINDOWS\system32\pstorsvc.dll - ok

11:17:23.0500 2952 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll

11:17:23.0500 2952 C:\WINDOWS\system32\credui.dll - ok

11:17:23.0500 2952 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll

11:17:23.0500 2952 C:\WINDOWS\system32\psbase.dll - ok

11:17:23.0500 2952 [ 14361FB2FD630988816A4F46AEAF0684 ] C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll

11:17:23.0500 2952 C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll - ok

11:17:23.0500 2952 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll

11:17:23.0500 2952 C:\WINDOWS\system32\dot3dlg.dll - ok

11:17:23.0500 2952 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll

11:17:23.0500 2952 C:\WINDOWS\system32\dssenh.dll - ok

11:17:23.0515 2952 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll

11:17:23.0515 2952 C:\WINDOWS\system32\onex.dll - ok

11:17:23.0515 2952 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll

11:17:23.0515 2952 C:\WINDOWS\system32\eappcfg.dll - ok

11:17:23.0515 2952 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll

11:17:23.0515 2952 C:\WINDOWS\system32\eappprxy.dll - ok

11:17:23.0515 2952 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll

11:17:23.0515 2952 C:\WINDOWS\system32\vssapi.dll - ok

11:17:23.0515 2952 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll

11:17:23.0515 2952 C:\WINDOWS\system32\wzcsapi.dll - ok

11:17:23.0515 2952 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll

11:17:23.0515 2952 C:\WINDOWS\system32\srvsvc.dll - ok

11:17:23.0515 2952 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll

11:17:23.0515 2952 C:\WINDOWS\system32\netmsg.dll - ok

11:17:23.0515 2952 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll

11:17:23.0515 2952 C:\WINDOWS\system32\es.dll - ok

11:17:23.0515 2952 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys

11:17:23.0515 2952 C:\WINDOWS\system32\drivers\srv.sys - ok

11:17:23.0515 2952 [ CB63BDB77BB86549FC3303C2F11EDC18 ] C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

11:17:23.0515 2952 C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe - ok

11:17:23.0515 2952 [ 118EDC3E712FF83CE25612081A69075D ] C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

11:17:23.0515 2952 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe - ok

11:17:23.0515 2952 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll

11:17:23.0515 2952 C:\WINDOWS\system32\seclogon.dll - ok

11:17:23.0515 2952 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll

11:17:23.0515 2952 C:\WINDOWS\system32\sens.dll - ok

11:17:23.0531 2952 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll

11:17:23.0531 2952 C:\WINDOWS\system32\srsvc.dll - ok

11:17:23.0531 2952 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll

11:17:23.0531 2952 C:\WINDOWS\system32\msi.dll - ok

11:17:23.0531 2952 [ 3F9A3232E5F942874488981F3242C989 ] C:\Program Files\UPHClean\uphclean.exe

11:17:23.0531 2952 C:\Program Files\UPHClean\uphclean.exe - ok

11:17:23.0531 2952 [ 7D110D645030C05A06C3CD08D1E47D0A ] C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

11:17:23.0531 2952 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe - ok

11:17:23.0531 2952 [ ED85C080DE4AA4C90FFF941CFD839D4C ] C:\WINDOWS\system32\drivers\uphcleanhlp.sys

11:17:23.0531 2952 C:\WINDOWS\system32\drivers\uphcleanhlp.sys - ok

11:17:23.0531 2952 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll

11:17:23.0531 2952 C:\WINDOWS\system32\wuaueng.dll - ok

11:17:23.0531 2952 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll

11:17:23.0531 2952 C:\WINDOWS\system32\wuauserv.dll - ok

11:17:23.0531 2952 [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll

11:17:23.0531 2952 C:\WINDOWS\system32\mspatcha.dll - ok

11:17:23.0531 2952 [ A529CFE32565C0B145578FFB2B32C9A5 ] C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

11:17:23.0531 2952 C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe - ok

11:17:23.0531 2952 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll

11:17:23.0531 2952 C:\WINDOWS\system32\wbem\wmisvc.dll - ok

11:17:23.0531 2952 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll

11:17:23.0531 2952 C:\WINDOWS\system32\comsvcs.dll - ok

11:17:23.0546 2952 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll

11:17:23.0546 2952 C:\WINDOWS\system32\colbact.dll - ok

11:17:23.0546 2952 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll

11:17:23.0546 2952 C:\WINDOWS\system32\clusapi.dll - ok

11:17:23.0546 2952 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll

11:17:23.0546 2952 C:\WINDOWS\system32\mtxclu.dll - ok

11:17:23.0546 2952 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll

11:17:23.0546 2952 C:\WINDOWS\system32\resutils.dll - ok

11:17:23.0546 2952 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll

11:17:23.0546 2952 C:\WINDOWS\system32\wups.dll - ok

11:17:23.0546 2952 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll

11:17:23.0546 2952 C:\WINDOWS\system32\wups2.dll - ok

11:17:23.0546 2952 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe

11:17:23.0546 2952 C:\WINDOWS\system32\wuauclt.exe - ok

11:17:23.0546 2952 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll

11:17:23.0546 2952 C:\WINDOWS\system32\ipnathlp.dll - ok

11:17:23.0546 2952 [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll

11:17:23.0546 2952 C:\WINDOWS\system32\wscsvc.dll - ok

11:17:23.0546 2952 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll

11:17:23.0546 2952 C:\WINDOWS\system32\wbem\wbemcore.dll - ok

11:17:23.0546 2952 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll

11:17:23.0546 2952 C:\WINDOWS\system32\wbem\esscli.dll - ok

11:17:23.0546 2952 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll

11:17:23.0546 2952 C:\WINDOWS\system32\wbem\fastprox.dll - ok

11:17:23.0562 2952 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll

11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok

11:17:23.0562 2952 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll

11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wmiutils.dll - ok

11:17:23.0562 2952 [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll

11:17:23.0562 2952 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok

11:17:23.0562 2952 [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll

11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok

11:17:23.0562 2952 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll

11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wbemess.dll - ok

11:17:23.0562 2952 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll

11:17:23.0562 2952 C:\WINDOWS\system32\wuapi.dll - ok

11:17:23.0562 2952 [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll

11:17:23.0562 2952 C:\WINDOWS\system32\wbem\ncprov.dll - ok

11:17:23.0562 2952 [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll

11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wbemcons.dll - ok

11:17:23.0562 2952 [ E5244A5462FA1F0267D8923538530AF4 ] C:\WINDOWS\system32\nlsdl.dll

11:17:23.0562 2952 C:\WINDOWS\system32\nlsdl.dll - ok

11:17:23.0562 2952 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll

11:17:23.0562 2952 C:\WINDOWS\system32\linkinfo.dll - ok

11:17:23.0562 2952 [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll

11:17:23.0562 2952 C:\WINDOWS\system32\ntshrui.dll - ok

11:17:23.0562 2952 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\DOCUME~1\NEIL'S\LOCALS~1\Temp\3BD9E4AF-3588-460F-8BD8-82B8316638DD.exe

11:17:23.0562 2952 C:\DOCUME~1\NEIL'S\LOCALS~1\Temp\3BD9E4AF-3588-460F-8BD8-82B8316638DD.exe - ok

11:17:23.0578 2952 [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\msctf.dll

11:17:23.0578 2952 C:\WINDOWS\system32\msctf.dll - ok

11:17:23.0578 2952 [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll

11:17:23.0578 2952 C:\WINDOWS\system32\msutb.dll - ok

11:17:23.0578 2952 [ 0671A791C292F46423CFE37B53D598D0 ] C:\Program Files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll

11:17:23.0578 2952 C:\Program Files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll - ok

11:17:23.0578 2952 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe

11:17:23.0578 2952 C:\WINDOWS\system32\verclsid.exe - ok

11:17:23.0578 2952 [ FAD9807ACDE89A34D2EB4743D57016D7 ] C:\Program Files\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll

11:17:23.0578 2952 C:\Program Files\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll - ok

11:17:23.0578 2952 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\40459742.sys

11:17:23.0578 2952 C:\WINDOWS\system32\drivers\40459742.sys - ok

11:17:23.0578 2952 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll

11:17:23.0578 2952 C:\WINDOWS\system32\mlang.dll - ok

11:17:23.0578 2952 [ 569CDDD12656B793732A573D192472F5 ] C:\Program Files\AVG Secure Search\HF_G_Jul.exe

11:17:23.0578 2952 C:\Program Files\AVG Secure Search\HF_G_Jul.exe - ok

11:17:23.0578 2952 [ C25602103B927A359B3ED9307EB37ED6 ] C:\Program Files\AVG Secure Search\vprot.exe

11:17:23.0578 2952 C:\Program Files\AVG Secure Search\vprot.exe - ok

11:17:23.0578 2952 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll

11:17:23.0578 2952 C:\WINDOWS\system32\upnp.dll - ok

11:17:23.0578 2952 [ D29046DC1D22561F3CE08DAC22BBB17B ] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe

11:17:23.0578 2952 C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe - ok

11:17:23.0578 2952 [ FE821F6FA60E9DF9FDEE69A23488BBAB ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

11:17:23.0578 2952 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok

11:17:23.0593 2952 [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe

11:17:23.0593 2952 C:\WINDOWS\system32\rundll32.exe - ok

11:17:23.0593 2952 [ 102596AFB271F540E0C77C3634775FE6 ] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe

11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe - ok

11:17:23.0593 2952 [ B5A4EBA9487F08BECC843A87422B8052 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

11:17:23.0593 2952 C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe - ok

11:17:23.0593 2952 [ F290C5F240CD5D0B60C5168A0FA1F2E2 ] C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

11:17:23.0593 2952 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe - ok

11:17:23.0593 2952 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll

11:17:23.0593 2952 C:\WINDOWS\system32\ssdpapi.dll - ok

11:17:23.0593 2952 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll

11:17:23.0593 2952 C:\WINDOWS\system32\netcfgx.dll - ok

11:17:23.0593 2952 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll

11:17:23.0593 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok

11:17:23.0593 2952 [ 7AD47F1F78EB1AEC7D8F262878204DEC ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilDebugLog.dll

11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilDebugLog.dll - ok

11:17:23.0593 2952 [ CFBF24322AF177B3C3A81A862B4C3353 ] C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_49.dll

11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_49.dll - ok

11:17:23.0593 2952 [ 6BD2C65C3CC612891B552EBB3A7F5370 ] C:\Program Files\Trend Micro\Titanium\UIFramework\libcef.dll

11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\libcef.dll - ok

11:17:23.0593 2952 [ 2A840675AA2FA3183A86859D441B1B9B ] C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

11:17:23.0593 2952 C:\Program Files\Siber Systems\AI RoboForm\roboform.dll - ok

11:17:23.0593 2952 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll

11:17:23.0593 2952 C:\WINDOWS\system32\webcheck.dll - ok

11:17:23.0609 2952 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll

11:17:23.0609 2952 C:\WINDOWS\system32\batmeter.dll - ok

11:17:23.0609 2952 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll

11:17:23.0609 2952 C:\WINDOWS\system32\stobject.dll - ok

11:17:23.0609 2952 [ 2424231BBD703A677D115C29983B4293 ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

11:17:23.0609 2952 C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL - ok

11:17:23.0609 2952 [ D7D69F304A604387B86BE991CBF07663 ] C:\WINDOWS\system32\WPDShServiceObj.dll

11:17:23.0609 2952 C:\WINDOWS\system32\WPDShServiceObj.dll - ok

11:17:23.0609 2952 [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll

11:17:23.0609 2952 C:\WINDOWS\system32\mydocs.dll - ok

11:17:23.0609 2952 [ A687C458B80C7D55CBE39649D952ED2A ] C:\WINDOWS\system32\PortableDeviceTypes.dll

11:17:23.0609 2952 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok

11:17:23.0609 2952 [ E132AD94798E72ACB650E985984C7F58 ] C:\WINDOWS\system32\PortableDeviceApi.dll

11:17:23.0609 2952 C:\WINDOWS\system32\PortableDeviceApi.dll - ok

11:17:23.0609 2952 [ 9E03DC5AB51CFD0190541CE2038D819D ] C:\WINDOWS\system32\usp10.dll

11:17:23.0609 2952 C:\WINDOWS\system32\usp10.dll - ok

11:17:23.0609 2952 [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll

11:17:23.0609 2952 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok

11:17:23.0609 2952 [ 0F3CE8CD921AC76BA344CA35921FCC90 ] C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_49.dll

11:17:23.0609 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_49.dll - ok

11:17:23.0609 2952 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll

11:17:23.0609 2952 C:\WINDOWS\system32\rasdlg.dll - ok

11:17:23.0609 2952 [ 97476BB3F51FBD0A944ACC9BFAFD97D8 ] C:\Program Files\Trend Micro\Titanium\UIFramework\outer_AMSP_ClientLibrary.dll

11:17:23.0609 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\outer_AMSP_ClientLibrary.dll - ok

11:17:23.0625 2952 [ 21095E7FAE3EC5E927F54E19CC63BA2A ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilIPC.dll

11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilIPC.dll - ok

11:17:23.0625 2952 [ 3F59765B24EB6770252ACC314BD69D97 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilMsgBuffer.dll

11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilMsgBuffer.dll - ok

11:17:23.0625 2952 [ 25D83BC8E4CA8C757AB648573E94B57C ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilThread.dll

11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilThread.dll - ok

11:17:23.0625 2952 [ E1EBB4C5F1D0680EA3E4E7A77ADCA391 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilRPC.dll

11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilRPC.dll - ok

11:17:23.0625 2952 [ 78CD7BD82E678C0A239010D8B2FAE4FD ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilComponentInfo.dll

11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilComponentInfo.dll - ok

11:17:23.0625 2952 [ DEB46802F1183A90D3E029566B690E84 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilInstallation.dll

11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilInstallation.dll - ok

11:17:23.0625 2952 [ 9E054D04721F4BA4ACB0C0D189C9B1CD ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilGenericLoader.dll

11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilGenericLoader.dll - ok

11:17:23.0625 2952 [ 5D13AAA8BC57278BFD45F6FC94AE74ED ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilJsonHandle.dll

11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilJsonHandle.dll - ok

11:17:23.0625 2952 [ D90B1558602CCF951F7D0FB21E30723E ] C:\Program Files\Trend Micro\Titanium\UIFramework\instInstallationLibrary.dll

11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\instInstallationLibrary.dll - ok

11:17:23.0625 2952 [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe

11:17:23.0625 2952 C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok

11:17:23.0625 2952 [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\WINDOWS\system32\msvcp100.dll

11:17:23.0625 2952 C:\WINDOWS\system32\msvcp100.dll - ok

11:17:23.0625 2952 [ BF38660A9125935658CFA3E53FDC7D65 ] C:\WINDOWS\system32\msvcr100.dll

11:17:23.0625 2952 C:\WINDOWS\system32\msvcr100.dll - ok

11:17:23.0640 2952 [ D870F564BA017FEFC51D2B3C7E2B568B ] C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

11:17:23.0640 2952 C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll - ok

11:17:23.0640 2952 [ 396F72E102E368E402736813ED6683C7 ] C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll

11:17:23.0640 2952 C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll - ok

11:17:23.0640 2952 [ 54E2D3E2B827A8C3E4B907A4711A31AF ] C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll

11:17:23.0640 2952 C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll - ok

11:17:23.0640 2952 [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe

11:17:23.0640 2952 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok

11:17:23.0640 2952 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll

11:17:23.0640 2952 C:\WINDOWS\system32\wbem\cimwin32.dll - ok

11:17:23.0640 2952 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll

11:17:23.0640 2952 C:\WINDOWS\system32\security.dll - ok

11:17:23.0640 2952 [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll

11:17:23.0640 2952 C:\WINDOWS\system32\wbem\wmipcima.dll - ok

11:17:23.0640 2952 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll

11:17:23.0640 2952 C:\WINDOWS\system32\cfgmgr32.dll - ok

11:17:23.0640 2952 [ 09CCF5197D054C9DCE4116DC9A04C211 ] C:\Program Files\Trend Micro\AMSP\coreConfigRepository.dll

11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\coreConfigRepository.dll - ok

11:17:23.0640 2952 [ C1630C379C86AF26E8071F918F48637C ] C:\Program Files\Trend Micro\AMSP\module\1\2.5.1342\coreFrameworkBuilder.dll

11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\module\1\2.5.1342\coreFrameworkBuilder.dll - ok

11:17:23.0640 2952 [ 09CCF5197D054C9DCE4116DC9A04C211 ] C:\Program Files\Trend Micro\AMSP\module\5\2.5.1331\coreConfigRepository.dll

11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\module\5\2.5.1331\coreConfigRepository.dll - ok

11:17:23.0640 2952 [ 767FD31EC6BD6173756ED46400BD0394 ] C:\Program Files\Trend Micro\AMSP\module\7\2.5.1331\coreUpdateManager.dll

11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\module\7\2.5.1331\coreUpdateManager.dll - ok

11:17:23.0656 2952 [ 166C8CEB569EF57626A1466BFE5DDFBC ] C:\Program Files\Trend Micro\AMSP\utilAccessControl.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\utilAccessControl.dll - ok

11:17:23.0656 2952 [ 7B97CD8C5ABA843D82114B77A4CB9FB5 ] C:\Program Files\Trend Micro\AMSP\module\10\2.5.1374\coreActionManager.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\10\2.5.1374\coreActionManager.dll - ok

11:17:23.0656 2952 [ 48F2986BAFC9A7BDB694AE6FF8E0157E ] C:\Program Files\Trend Micro\AMSP\module\11\2.5.1374\coreScanManager.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\11\2.5.1374\coreScanManager.dll - ok

11:17:23.0656 2952 [ A60E337E5C366AFAFAE5E0751826BEFD ] C:\Program Files\Trend Micro\AMSP\libprotobuf.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\libprotobuf.dll - ok

11:17:23.0656 2952 [ B95D1CEC2EF487CFF16FF5D4B058294A ] C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll - ok

11:17:23.0656 2952 [ BF2222B87C8761A9D4B78F1BACFF0E87 ] C:\Program Files\Trend Micro\AMSP\module\2\2.5.1374\coreCommandManager.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\2\2.5.1374\coreCommandManager.dll - ok

11:17:23.0656 2952 [ 4796E57D857ED1B3C8D00712E9DBC40A ] C:\Program Files\Trend Micro\AMSP\module\3\2.5.1374\coreEventManager.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\3\2.5.1374\coreEventManager.dll - ok

11:17:23.0656 2952 [ 8102BAB3919F8D627808916294A7CB91 ] C:\Program Files\Trend Micro\AMSP\module\4\2.5.1374\coreTaskManager.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\4\2.5.1374\coreTaskManager.dll - ok

11:17:23.0656 2952 [ 3A8269C4062B46EF6C7075CA29F8FB86 ] C:\Program Files\Trend Micro\AMSP\module\6\2.5.1374\coreReportManager.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\6\2.5.1374\coreReportManager.dll - ok

11:17:23.0656 2952 [ 9F7BA8C8D12FFEC4DCF35070B894D018 ] C:\Program Files\Trend Micro\AMSP\module\1000001\2.5.1331\paCoreProductAdaptor.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\1000001\2.5.1331\paCoreProductAdaptor.dll - ok

11:17:23.0656 2952 [ 8A9A1C50BBBF159ADC16397550180470 ] C:\Program Files\Trend Micro\AMSP\inner_AMSP_ClientLibrary.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\inner_AMSP_ClientLibrary.dll - ok

11:17:23.0656 2952 [ 55295E10ED6D63B778908C5DEE1B65C4 ] C:\Program Files\Trend Micro\AMSP\module\20017\1.0.1030\plugAdapterTMEBC.dll

11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\20017\1.0.1030\plugAdapterTMEBC.dll - ok

11:17:23.0671 2952 [ 3F5F21B9B4A2CA16D2825147395220DF ] C:\Program Files\Trend Micro\AMSP\module\10000\2.5.1331\9.700.1001\plugEngineVSAPI.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10000\2.5.1331\9.700.1001\plugEngineVSAPI.dll - ok

11:17:23.0671 2952 [ DB23CB8ED6D0459BE01DF87F3AE48CB8 ] C:\Program Files\Trend Micro\AMSP\module\10001\2.5.1331\6.2.1039\plugEngineSSAPI.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10001\2.5.1331\6.2.1039\plugEngineSSAPI.dll - ok

11:17:23.0671 2952 [ E5276D9A384609679C6925021E1C606A ] C:\Program Files\Trend Micro\AMSP\module\10002\2.5.1331\7.0.1028\plugEngineDCE.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10002\2.5.1331\7.0.1028\plugEngineDCE.dll - ok

11:17:23.0671 2952 [ 6DCC9211C76C380DCABB53F62DDB0BDF ] C:\Program Files\Trend Micro\AMSP\module\10004\6.0.1056\6.0.1056\plugEngineAEGIS.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10004\6.0.1056\6.0.1056\plugEngineAEGIS.dll - ok

11:17:23.0671 2952 [ 3117843D22D54AAF379C19CA7D612C76 ] C:\Program Files\Trend Micro\AMSP\module\10005\2.5.1331\3.6.1008\plugEngineTMUFE.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10005\2.5.1331\3.6.1008\plugEngineTMUFE.dll - ok

11:17:23.0671 2952 [ D7D81782F793C417CA7EC22EB7852A34 ] C:\Program Files\Trend Micro\AMSP\module\10007\2.5.1331\2.51.1006\plugEngineTMFBE.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10007\2.5.1331\2.51.1006\plugEngineTMFBE.dll - ok

11:17:23.0671 2952 [ DACC9B0A1134E5AE263F8AE69E13AB0B ] C:\Program Files\Trend Micro\AMSP\module\10008\2.5.1331\2.01.1025\plugEngineICRC.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10008\2.5.1331\2.01.1025\plugEngineICRC.dll - ok

11:17:23.0671 2952 [ 3485D3E48434930A4992329FFAB7C7B8 ] C:\Program Files\Trend Micro\AMSP\module\20001\2.5.1339\5.50.1043\plugAdapterSystem.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\20001\2.5.1339\5.50.1043\plugAdapterSystem.dll - ok

11:17:23.0671 2952 [ 5E6162C9E9B56ECB4EB323436165ABA6 ] C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\plugAdapterProxy.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\plugAdapterProxy.dll - ok

11:17:23.0671 2952 [ 7BF25CE72FDAE9145502459766C391AC ] C:\Program Files\Trend Micro\AMSP\module\30000\2.5.1349\plugRealtimeScanFlow.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\30000\2.5.1349\plugRealtimeScanFlow.dll - ok

11:17:23.0671 2952 [ 9CAE50E7E5F4513151C4394EF0ADBD18 ] C:\Program Files\Trend Micro\AMSP\module\30001\2.5.1331\plugManualScanFlow.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\30001\2.5.1331\plugManualScanFlow.dll - ok

11:17:23.0671 2952 [ 19738D06F0FEA843409C456F07F68DF9 ] C:\Program Files\Trend Micro\AMSP\module\30004\2.5.1331\plugRealTimeScanCache.dll

11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\30004\2.5.1331\plugRealTimeScanCache.dll - ok

11:17:23.0687 2952 [ BA579C58DB2E90B1309D594776480E41 ] C:\Program Files\Trend Micro\AMSP\module\40000\2.5.1331\5.50.1043\plugUtilRCM.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40000\2.5.1331\5.50.1043\plugUtilRCM.dll - ok

11:17:23.0687 2952 [ B5E4ED1579EBED2E600BDD889A93CB0C ] C:\Program Files\Trend Micro\AMSP\module\40001\2.6.1163\plugUtilEnum.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40001\2.6.1163\plugUtilEnum.dll - ok

11:17:23.0687 2952 [ C033C4A259CFE9D392455755C6F5D44F ] C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\plugAdapterBP.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\plugAdapterBP.dll - ok

11:17:23.0687 2952 [ 7B40AE9B3B9D6F1A3CC2A42F8A809F45 ] C:\Program Files\Trend Micro\AMSP\module\10009\3.6.1029\3.6.1029\plugEngineLCE.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10009\3.6.1029\3.6.1029\plugEngineLCE.dll - ok

11:17:23.0687 2952 [ EE8681F8FF1A3BC2ABB8FCDAFE62A8A2 ] C:\Program Files\Trend Micro\AMSP\module\10010\3.6.1029\3.6.1029\plugEngineLES.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10010\3.6.1029\3.6.1029\plugEngineLES.dll - ok

11:17:23.0687 2952 [ FC061EBC804BF83DD729B0077514DC73 ] C:\Program Files\Trend Micro\AMSP\module\40002\2.5.1342\plugUtilSysInfo.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40002\2.5.1342\plugUtilSysInfo.dll - ok

11:17:23.0687 2952 [ 285B47EAD7A8D8F01120170F3C513F89 ] C:\Program Files\Trend Micro\AMSP\module\30005\3.0.1042\plugLocalCorrelationFlow.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\30005\3.0.1042\plugLocalCorrelationFlow.dll - ok

11:17:23.0687 2952 [ 36D4F70629990ABEAD2F52BAAA1B8C19 ] C:\Program Files\Trend Micro\AMSP\module\10011\2.5.1141\2.5.1141\plugEngineTMSA.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10011\2.5.1141\2.5.1141\plugEngineTMSA.dll - ok

11:17:23.0687 2952 [ 3852FF230E9ABA1E18C670FA891BA409 ] C:\Program Files\Trend Micro\AMSP\module\40003\2.5.1331\2.5.1331\plugUtilException.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40003\2.5.1331\2.5.1331\plugUtilException.dll - ok

11:17:23.0687 2952 [ 8990207AE499C7D8ED5BE62DBCF02283 ] C:\Program Files\Trend Micro\AMSP\module\30006\2.5.1331\plugCommonScanCache.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\30006\2.5.1331\plugCommonScanCache.dll - ok

11:17:23.0687 2952 [ C6755C665A01532D3C771FB0CC929EEF ] C:\Program Files\Trend Micro\AMSP\module\10012\1.6.1018\1.6.1018\plugEngineDre.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10012\1.6.1018\1.6.1018\plugEngineDre.dll - ok

11:17:23.0687 2952 [ 71AA893314D164F483EA6E9FBE815B87 ] C:\Program Files\Trend Micro\AMSP\module\20009\1.5.1012\1.5.1012\plugAdapterNCIE.dll

11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\20009\1.5.1012\1.5.1012\plugAdapterNCIE.dll - ok

11:17:23.0703 2952 [ B7423E099AE3DDCE20E5AD3CAD4B71F9 ] C:\Program Files\Trend Micro\AMSP\module\20011\1.5.1107\1.5.1104\plugAdapterEagleEye.dll

11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\20011\1.5.1107\1.5.1104\plugAdapterEagleEye.dll - ok

11:17:23.0703 2952 [ 9DA1F44786834B4961309BFD60F18248 ] C:\Program Files\Trend Micro\AMSP\module\10015\6.0.1056\6.0.1056\plugEngineWL.dll

11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10015\6.0.1056\6.0.1056\plugEngineWL.dll - ok

11:17:23.0703 2952 [ 11262E9F8455E5F30C69E917E0103E01 ] C:\Program Files\Trend Micro\AMSP\module\10013\2.5.1331\1.0.1069\plugEnginePeDif.dll

11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10013\2.5.1331\1.0.1069\plugEnginePeDif.dll - ok

11:17:23.0703 2952 [ 9EA2D216C448D570A12694743D1F3518 ] C:\Program Files\Trend Micro\AMSP\module\10014\1.6.1085\1.6.1085\plugEngineTmCDE.dll

11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10014\1.6.1085\1.6.1085\plugEngineTmCDE.dll - ok

11:17:23.0703 2952 [ 3FE418C9408EA5FC2B740B2CAABC71E1 ] C:\Program Files\Trend Micro\AMSP\module\40004\2.5.1331\plugUtilLowConfDB.dll

11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\40004\2.5.1331\plugUtilLowConfDB.dll - ok

11:17:23.0703 2952 [ DA4569BF80F3AEF8D09A7E01C2DD8FB8 ] C:\Program Files\Trend Micro\AMSP\module\30007\2.5.1371\2.5.1371\plugCensus.dll

11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\30007\2.5.1371\2.5.1371\plugCensus.dll - ok

11:17:23.0703 2952 [ 988A84A1E59647390044170E33D5337F ] C:\Program Files\Trend Micro\AMSP\module\10016\2.5.1331\2.0.1001\plugEngineSMV.dll

11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10016\2.5.1331\2.0.1001\plugEngineSMV.dll - ok

11:17:23.0703 2952 ============================================================

11:17:23.0703 2952 Scan finished

11:17:23.0703 2952 ============================================================

11:17:23.0703 2944 Detected object count: 0

11:17:23.0703 2944 Actual detected object count: 0

Link to post
Share on other sites

Good morning steveopeo,

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

Also, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

Please paste the contents of both logs in your reply.

Link to post
Share on other sites

ComboFix 13-01-08.01 - NEIL'S 01/09/2013 16:54:17.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2690 [GMT -7:00]

Running from: c:\documents and settings\NEIL'S\My Documents\Downloads\ComboFix.exe

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

c:\documents and settings\NEIL'S\My Documents\wpabaln.exe

C:\prefs.js

c:\windows\system32\Cache

c:\windows\system32\Cache\262643b75c37f5ca.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\48d67d4b09e3cbf2.fb

c:\windows\system32\Cache\52956e87180d8fe0.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\63ef0dbca4051940.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\68ad56a4659b4a48.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\c9edfb3dbcb25b7e.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\e8bcb6954ecca995.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\service

c:\windows\system32\service\02072011_TIS17_SfFniAU.log

c:\windows\system32\service\04012011_TIS17_SfFniAU.log

c:\windows\system32\service\04122009_TIS17_SfFniAU.log

c:\windows\system32\service\05012011_TIS17_SfFniAU.log

c:\windows\system32\service\07042011_TIS17_SfFniAU.log

c:\windows\system32\service\10102010_TIS17_SfFniAU.log

c:\windows\system32\service\11102010_TIS17_SfFniAU.log

c:\windows\system32\service\12012010_TIS17_SfFniAU.log

c:\windows\system32\service\13012011_TIS17_SfFniAU.log

c:\windows\system32\service\13022010_TIS17_SfFniAU.log

c:\windows\system32\service\13032010_TIS17_SfFniAU.log

c:\windows\system32\service\14032011_TIS17_SfFniAU.log

c:\windows\system32\service\16052009_TIS17_SfFniAU.log

c:\windows\system32\service\17102010_TIS17_SfFniAU.log

c:\windows\system32\service\18032011_TIS17_SfFniAU.log

c:\windows\system32\service\19122009_TIS17_SfFniAU.log

c:\windows\system32\service\20012011_TIS17_SfFniAU.log

c:\windows\system32\service\20022010_TIS17_SfFniAU.log

c:\windows\system32\service\20032011_TIS17_SfFniAU.log

c:\windows\system32\service\22062009_TIS17_SfFniAU.log

c:\windows\system32\service\24052011_TIS17_SfFniAU.log

c:\windows\system32\service\24072009_TIS17_SfFniAU.log

c:\windows\system32\service\26022011_TIS17_SfFniAU.log

c:\windows\system32\service\26032011_TIS17_SfFniAU.log

c:\windows\system32\service\26102010_TIS17_SfFniAU.log

c:\windows\system32\service\27032011_TIS17_SfFniAU.log

c:\windows\system32\service\27112009_TIS17_SfFniAU.log

c:\windows\system32\service\30102010_TIS17_SfFniAU.log

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))

.

.

2013-01-03 00:02 . 2013-01-03 00:02 181808 ----a-w- c:\windows\RegBootClean.exe

2013-01-01 06:40 . 2013-01-01 06:40 -------- d-----w- c:\program files\WinPcap

2013-01-01 05:20 . 2013-01-01 05:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ErrorEND

2012-12-31 19:46 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-31 19:36 . 2012-12-31 19:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro

2012-12-31 19:23 . 2012-12-31 19:23 -------- d-----w- c:\windows\system32\wbem\Repository

2012-12-29 19:25 . 2012-12-29 19:30 -------- d-----w- c:\documents and settings\NEIL'S\Application Data\FixCleaner

2012-12-29 19:25 . 2012-12-29 19:40 -------- d-----w- c:\program files\FixCleaner

2012-12-29 18:53 . 2012-12-29 18:53 -------- d-----w- c:\program files\do not track

2012-12-29 18:51 . 2012-12-29 18:54 -------- d-----w- c:\program files\emsisoft

2012-12-29 06:41 . 2012-12-29 06:41 138864 ----a-w- c:\windows\system32\drivers\06413029.sys

2012-12-29 06:33 . 2012-12-29 06:37 -------- d-----w- c:\program files\mbar-anti rootkit

2012-12-29 05:30 . 2013-01-02 23:45 -------- d-----w- c:\documents and settings\NEIL'S\Local Settings\Application Data\DoNotTrackPlus

2012-12-29 05:30 . 2012-12-29 05:30 -------- d-----w- c:\program files\DoNotTrackPlus

2012-12-29 05:25 . 2009-01-25 19:14 15224 ----a-w- c:\windows\system32\sdnclean.exe

2012-12-29 05:20 . 2012-12-29 05:20 -------- d-----w- C:\TMRescueDisk

2012-12-29 05:13 . 2012-07-11 08:35 90808 ----a-w- c:\windows\system32\drivers\tmeext.sys

2012-12-29 05:13 . 2012-07-06 03:33 171064 ----a-w- c:\windows\system32\drivers\tmnciesc.sys

2012-12-29 05:13 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys

2012-12-29 05:13 . 2012-07-12 10:30 94200 ----a-w- c:\windows\system32\drivers\tmactmon.sys

2012-12-29 05:13 . 2012-07-12 10:29 75624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys

2012-12-29 05:13 . 2012-07-12 10:29 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-12-29 05:13 . 2012-08-24 13:06 38328 ----a-w- c:\windows\system32\drivers\TMEBC32.sys

2012-12-29 05:12 . 2012-12-29 05:12 59 ----a-w- c:\windows\system32\SupportTool.exe.bat

2012-12-29 04:36 . 2012-12-29 04:36 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Trend Micro

2012-12-29 01:09 . 2012-12-29 01:09 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache

2012-12-26 08:20 . 2012-12-26 08:20 -------- d-sh--w- c:\documents and settings\Default User.WINDOWS\IETldCache

2012-12-26 07:58 . 2012-12-29 04:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2012-12-26 07:58 . 2012-12-29 05:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

2012-12-26 06:12 . 2012-12-26 06:12 -------- d-----w- c:\documents and settings\NEIL'S\Local Settings\Application Data\Mozilla

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-08 23:32 . 2012-05-10 05:11 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-01-08 23:32 . 2011-07-30 17:06 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23 . 2007-07-27 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25 . 2007-07-27 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-09 01:03 . 2012-11-09 01:03 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-11-06 02:01 . 2009-08-20 00:07 1371648 ------w- c:\windows\system32\msxml6.dll

2012-11-02 02:02 . 2007-07-27 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec

2012-10-13 02:09 . 2012-12-02 04:41 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2012-11-29 08:27 . 2013-01-08 02:37 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe

.

c:\windows\System32\ctfmon.exe ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-12-31 19:25 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-12-31 1796552]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-13 160592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-12-31 997320]

"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-25 928096]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]

"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2008-05-28 15:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Fix-It Task Manager"=2 (0x2)

"TuneUp.UtilitiesSvc"=2 (0x2)

"NBService"=3 (0x3)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=

"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [12/28/2012 10:13 PM 38328]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [11/8/2012 6:03 PM 26984]

R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [12/28/2012 10:13 PM 90808]

R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/28/2012 10:13 PM 75624]

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/9/2012 3:43 PM 464256]

R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [11/9/2012 3:49 PM 821592]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [12/28/2012 10:25 PM 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [12/28/2012 10:25 PM 1369624]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/8/2011 9:34 AM 1527104]

R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 6:03 PM 711112]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [4/6/2009 6:40 AM 37376]

R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [12/28/2012 10:13 PM 171064]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 1:34 PM 10064]

S1 A2DDA;A2 Direct Disk Access Support Driver; [x]

S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [12/28/2012 10:12 PM 221264]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [12/28/2012 10:25 PM 168384]

S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [11/9/2012 3:49 PM 246816]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]

S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [11/9/2012 3:49 PM 30408]

S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [11/9/2012 3:49 PM 16248]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [8/21/2011 2:28 PM 25704]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [8/21/2011 2:28 PM 25704]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [8/21/2011 2:28 PM 25704]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [8/21/2011 2:28 PM 25704]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [8/21/2011 2:28 PM 25704]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - uphcleanhlp

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 23:32]

.

2013-01-09 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-12-29 21:08]

.

2012-12-29 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-29 21:07]

.

2012-12-29 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-12-29 21:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

TCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

FF - ProfilePath - c:\documents and settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - ExtSQL: 2012-12-28 22:12; {22181a4d-af90-4ca3-a569-faed9118d6bc}; c:\program files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension

FF - ExtSQL: 2012-12-31 12:25; tmbepff-7.5@trendmicro.com; c:\program files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\firefoxextension

FF - ExtSQL: 2012-12-31 12:25; avg@toolbar; c:\documents and settings\All Users.WINDOWS\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5

FF - ExtSQL: 2013-01-07 19:29; {22C7F6C6-8D67-4534-92B5-529A0EC09405}; c:\program files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension

FF - ExtSQL: 2013-01-08 15:58; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-10 - (no file)

Notify-SDWinLogon - SDWinLogon.dll

SafeBoot-22288891.sys

MSConfigStartUp-ctfmon - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-01-09 16:56

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2013-01-09 16:57:33

ComboFix-quarantined-files.txt 2013-01-09 23:57

.

Pre-Run: 234,116,800,512 bytes free

Post-Run: 234,471,432,192 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

[spybotsd]

timeout.old=4

.

- - End Of File - - D1EBCC530B4143FC54994BB513057BE8

Link to post
Share on other sites

# AdwCleaner v2.105 - Logfile created 01/09/2013 at 17:05:45

# Updated 08/01/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : NEIL'S - HOME

# Boot Mode : Normal

# Running from : C:\Documents and Settings\NEIL'S\My Documents\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMate

Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Premium

Folder Found : C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\NEIL'S\Application Data\imeshbandmltbpi

Folder Found : C:\Documents and Settings\NEIL'S\Local Settings\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Conduit

Folder Found : C:\Program Files\AVG Secure Search

Folder Found : C:\Program Files\Common Files\AVG Secure Search

Folder Found : C:\Program Files\Conduit

Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKU\S-1-5-21-2025429265-1417001333-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-2025429265-1417001333-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\3rnry6zm.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\y5uszhj3.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12563 octets] - [31/12/2012 12:17:12]

AdwCleaner[R2].txt - [5868 octets] - [09/01/2013 17:05:45]

AdwCleaner[s1].txt - [6452 octets] - [31/12/2012 12:17:54]

########## EOF - C:\AdwCleaner[R2].txt - [5988 octets] ##########

Link to post
Share on other sites

Hello steveopeo,

Please do the following to re-run AdwCleaner:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

Does the issue remain?

Link to post
Share on other sites

the first time I ran AdwCleaner it didn't generate a report so I ran it a second time and it did. I downloaded firefox a few days ago and so far it has not been hijacked. IE isn't being redirected anymore but is having trouble loading certain webpages and is very slow.

# AdwCleaner v2.105 - Logfile created 01/10/2013 at 15:55:29

# Updated 08/01/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : NEIL'S - HOME

# Boot Mode : Normal

# Running from : C:\Documents and Settings\NEIL'S\My Documents\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\3rnry6zm.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\y5uszhj3.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [6057 octets] - [09/01/2013 17:05:45]

AdwCleaner[s2].txt - [1044 octets] - [10/01/2013 15:55:29]

########## EOF - C:\AdwCleaner[s2].txt - [1104 octets] ##########

Link to post
Share on other sites

Hello steveopeo,

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.

Link to post
Share on other sites

Status: Deleted (events: 3)

1/11/2013 9:01:35 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\NEIL'S\Application Data\Sun\Java\Deployment\cache\6.0\29\2f44825d-2098a00f High

1/11/2013 9:01:35 PM Deleted Trojan program Trojan.Win32.Midhos.adpm C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP43\A0046134.exe High

1/11/2013 9:01:42 PM Deleted Trojan program Trojan.Win32.Midhos.adpm C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP43\A0046135.exe High

Link to post
Share on other sites

Hey steveopeo,

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Do any issues remain?

Link to post
Share on other sites