steveopevo Posted January 7, 2013 ID:631282 Share Posted January 7, 2013 my google homepage is being redirected to either a false yahoo site, facebook, or a blank page. I ran malware bytes and found trojans. the problem went away for a day and came back. I tried system restore and it came back again. I'm also getting runtime error 216 at 5003a116 when closing IE. please help. dds.txt attach.txt Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 7, 2013 ID:631295 Share Posted January 7, 2013 I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. Please download Malwarebytes Anti-Rootkit here.Unzip the contents to a folder on the Desktop.Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).Follow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Please post the two logs produced.Please note: This tool is still in BETA mode, so please ensure you have backed up any important files. Link to post Share on other sites More sharing options...
steveopevo Posted January 7, 2013 Author ID:631396 Share Posted January 7, 2013 thankyou for your help. I ran mbar, here are the logs.system-log.txtmbar-log-2013-01-07 (10-54-45).txt Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 7, 2013 ID:631424 Share Posted January 7, 2013 Good morning steveopevo,Please post the contents of the logs, as malware writers would like nothing more than to infect the computers of helpers, such as myself. Thanks! Link to post Share on other sites More sharing options...
steveopevo Posted January 7, 2013 Author ID:631437 Share Posted January 7, 2013 Malwarebytes Anti-Rootkit 1.01.0.1011www.malwarebytes.orgDatabase version: v2012.12.29.05Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)Internet Explorer 8.0.6001.18702NEIL'S :: HOME [administrator]12/28/2012 11:50:34 PMmbar-log-2012-12-28 (23-50-34).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled:Objects scanned: 26348Time elapsed: 4 minute(s), 9 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
steveopevo Posted January 7, 2013 Author ID:631441 Share Posted January 7, 2013 Malwarebytes Anti-Rootkit 1.01.0.1011www.malwarebytes.orgDatabase version: v2013.01.07.07Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702NEIL'S :: HOME [administrator]1/7/2013 10:54:45 AMmbar-log-2013-01-07 (10-54-45).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled:Objects scanned: 26397Time elapsed: 6 minute(s), 10 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
steveopevo Posted January 7, 2013 Author ID:631443 Share Posted January 7, 2013 the system-log.txt is too long to post here. Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 8, 2013 ID:631530 Share Posted January 8, 2013 If it is too long just use multiple posts. Link to post Share on other sites More sharing options...
steveopevo Posted January 8, 2013 Author ID:631766 Share Posted January 8, 2013 Malwarebytes Anti-Rootkit BETA 1.01.0.1011© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86System is currently in a safe modeAccount is AdministrativeInternet Explorer version: 8.0.6001.18702Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 3.172000 GHzMemory total: 3488657408, free: 3172704256Could not load protection driver------------ Kernel report ------------ 12/28/2012 23:46:12------------ Loaded modules -----------\WINDOWS\system32\ntoskrnl.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllTMEBC32.sysACPI.sys\WINDOWS\system32\DRIVERS\WMILIB.SYSpci.sysisapnp.syspciide.sys\WINDOWS\system32\DRIVERS\PCIIDEX.SYSMountMgr.sysftdisk.sysdmload.sysdmio.sysPartMgr.sysVolSnap.sysatapi.sysdisk.sys\WINDOWS\system32\DRIVERS\CLASSPNP.SYSfltmgr.syssr.sysKSecDD.sysNtfs.sysNDIS.sysMup.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\redbook.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\imapi.sys\SystemRoot\system32\DRIVERS\l151x86.sys\SystemRoot\system32\DRIVERS\fdc.sys\SystemRoot\system32\DRIVERS\ASACPI.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\system32\DRIVERS\rdpdr.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\flpydisk.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\WINDOWS\system32\drivers\avgtpx86.sys\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\SystemRoot\system32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\usbprint.sys\SystemRoot\system32\DRIVERS\HPZius12.sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\USBSTOR.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\framebuf.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\System32\Drivers\Fastfat.SYS\SystemRoot\system32\DRIVERS\srv.sys\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk2\DR4Upper Device Object: 0xffffffff89e3b030Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\00000090\Lower Device Object: 0xffffffff89e40be8Lower Device Driver Name: \Driver\USBSTOR\Driver name found: USBSTORDriverEntry returned 0x0Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xffffffff8a28eab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\Lower Device Object: 0xffffffff8a380d98Lower Device Driver Name: \Driver\atapi\Driver name found: atapiDriverEntry returned 0x0Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8a30aab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\Lower Device Object: 0xffffffff8a2f2940Lower Device Driver Name: \Driver\atapi\Driver name found: atapiDownloaded database version: v2012.12.29.05Downloaded database version: v2012.12.27.02Initializing...Done!<<<2>>>Device number: 0, partition: 1Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8a30aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a2993a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a30aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a37d9e8, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8a2f2940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\------------ End ----------Upper DeviceData: 0xffffffffe1dc6c08, 0xffffffff8a30aab8, 0xffffffff89c296c0Lower DeviceData: 0xffffffffe1af7920, 0xffffffff8a2f2940, 0xffffffff89cd7660<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\WINDOWS\system32\drivers...Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 292EDB50Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 586051137 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 300069052416 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...Physical Sector Size: 512Drive: 1, DevicePointer: 0xffffffff8a28eab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a309bc8, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a28eab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a3197a0, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8a380d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\------------ End ----------Upper DeviceData: 0xffffffffe1bdf7a0, 0xffffffff8a28eab8, 0xffffffff89c2c550Lower DeviceData: 0xffffffffe1d90700, 0xffffffff8a380d98, 0xffffffff89c59a08Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 1Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 625137282 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 320072933376 bytesSector size: 512 bytesPhysical Sector Size: 512Drive: 2, DevicePointer: 0xffffffff89e3b030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff89e3be08, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff89e3b030, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff89e40be8, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\------------ End ----------Upper DeviceData: 0xffffffffe1ed06d8, 0xffffffff89e3b030, 0xffffffff89c4eab8Lower DeviceData: 0xffffffffe1fdec30, 0xffffffff89e40be8, 0xffffffff89c4e658Drive 2Scanning MBR on drive 2...Inspecting partition table:MBR Signature: 55AADisk Signature: E423E423Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 128 Numsec = 7855872 Partition file system is NTFS Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 4022337024 bytesSector size: 512 bytesDone!Performing system, memory and registry scan...Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a.fb" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a__exp__1324075202" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0.fb" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0__exp__1324075014" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d.fb" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d__exp__1324075014" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)Done!Scan finished======================================= Link to post Share on other sites More sharing options...
steveopevo Posted January 8, 2013 Author ID:631767 Share Posted January 8, 2013 Malwarebytes Anti-Rootkit BETA 1.01.0.1011© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86Account is AdministrativeInternet Explorer version: 8.0.6001.18702Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 3.172000 GHzMemory total: 3488657408, free: 2882523136---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1011© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86System is currently in a safe modeAccount is AdministrativeInternet Explorer version: 8.0.6001.18702Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 3.172000 GHzMemory total: 3488657408, free: 3039903744DDA Driver installation error.Driver installed on boot. Reboot required.System shutdown occurred=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1011© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86System is currently in a safe modeAccount is AdministrativeInternet Explorer version: 8.0.6001.18702Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 3.172000 GHzMemory total: 3488657408, free: 3173933056------------ Kernel report ------------ 12/30/2012 19:56:49------------ Loaded modules -----------\WINDOWS\system32\ntoskrnl.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllTMEBC32.sysACPI.sys\WINDOWS\system32\DRIVERS\WMILIB.SYSpci.sysisapnp.syspciide.sys\WINDOWS\system32\DRIVERS\PCIIDEX.SYSMountMgr.sysftdisk.sysdmload.sysdmio.sysPartMgr.sysVolSnap.sysatapi.sysdisk.sys\WINDOWS\system32\DRIVERS\CLASSPNP.SYSfltmgr.syssr.sysKSecDD.sysNtfs.sysNDIS.sysMup.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\redbook.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\imapi.sys\SystemRoot\system32\DRIVERS\l151x86.sys\SystemRoot\system32\DRIVERS\fdc.sys\SystemRoot\system32\DRIVERS\ASACPI.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\system32\DRIVERS\rdpdr.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\flpydisk.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\WINDOWS\system32\drivers\avgtpx86.sys\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\system32\DRIVERS\netbt.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\usbprint.sys\SystemRoot\system32\DRIVERS\HPZius12.sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\framebuf.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\srv.sys\SystemRoot\System32\Drivers\Fastfat.SYS\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xffffffff8a2d1870Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\Lower Device Object: 0xffffffff8a2cdd98Lower Device Driver Name: \Driver\atapi\Driver name found: atapiDriverEntry returned 0x0Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8a2c2ab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\Lower Device Object: 0xffffffff8a306940Lower Device Driver Name: \Driver\atapi\Driver name found: atapiDownloaded database version: v2012.12.31.01Downloaded database version: v2012.12.27.02Initializing...Done!<<<2>>>Device number: 0, partition: 1Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8a2c2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a3193a0, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a2c2ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a2c9930, DeviceName: \Device\00000076\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8a306940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\------------ End ----------Upper DeviceData: 0xffffffffe1b52a88, 0xffffffff8a2c2ab8, 0xffffffff89c79608Lower DeviceData: 0xffffffffe1a8b428, 0xffffffff8a306940, 0xffffffff89c60d10<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\WINDOWS\system32\drivers...Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 292EDB50Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 586051137 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 300069052416 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...Physical Sector Size: 512Drive: 1, DevicePointer: 0xffffffff8a2d1870, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a30ce08, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a2d1870, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a313720, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8a2cdd98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\------------ End ----------Upper DeviceData: 0xffffffffe1f169e0, 0xffffffff8a2d1870, 0xffffffff89c606f8Lower DeviceData: 0xffffffffe1bb6cd0, 0xffffffff8a2cdd98, 0xffffffff89c6c5b8Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 1Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 625137282 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 320072933376 bytesSector size: 512 bytesDone!Performing system, memory and registry scan...Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a.fb" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\610289e025a3ee9a__exp__1324075202" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0.fb" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0__exp__1324075014" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d.fb" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\AVG Secure Search\cache\ad10a52aff5e038d__exp__1324075014" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)Done!Scan finished======================================= Link to post Share on other sites More sharing options...
steveopevo Posted January 8, 2013 Author ID:631768 Share Posted January 8, 2013 Malwarebytes Anti-Rootkit BETA 1.01.0.1011© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86Account is AdministrativeInternet Explorer version: 8.0.6001.18702Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 3.172000 GHzMemory total: 3488657408, free: 3053436928DDA driver is not installedDownloaded database version: v2012.12.31.02Initializing...Done!The system volume seems inaccessible or encrypted. Scan can't continue.=======================================Could not remove DDA driver---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1011© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86System is currently in a safe modeAccount is AdministrativeInternet Explorer version: 8.0.6001.18702Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 3.172000 GHzMemory total: 3488657408, free: 2830536704DDA Driver installation error.Driver installed on boot. Reboot required.System shutdown occurred=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1011© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86System is currently in a safe modeAccount is AdministrativeInternet Explorer version: 8.0.6001.18702Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 3.172000 GHzMemory total: 3488657408, free: 3174916096------------ Kernel report ------------ 01/05/2013 19:21:09------------ Loaded modules -----------\WINDOWS\system32\ntoskrnl.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllTMEBC32.sysACPI.sys\WINDOWS\system32\DRIVERS\WMILIB.SYSpci.sysisapnp.syspciide.sys\WINDOWS\system32\DRIVERS\PCIIDEX.SYSMountMgr.sysftdisk.sysdmload.sysdmio.sysPartMgr.sysVolSnap.sysatapi.sysdisk.sys\WINDOWS\system32\DRIVERS\CLASSPNP.SYSfltmgr.syssr.sysKSecDD.sysNtfs.sysNDIS.sysMup.sys\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\redbook.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\imapi.sys\SystemRoot\system32\DRIVERS\l151x86.sys\SystemRoot\system32\DRIVERS\fdc.sys\SystemRoot\system32\DRIVERS\ASACPI.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\system32\DRIVERS\rdpdr.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\flpydisk.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\WINDOWS\system32\drivers\avgtpx86.sys\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\system32\DRIVERS\netbt.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\usbprint.sys\SystemRoot\system32\DRIVERS\HPZius12.sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\framebuf.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\System32\Drivers\Fastfat.SYS\SystemRoot\system32\DRIVERS\srv.sys\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xffffffff8a27dab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\Lower Device Object: 0xffffffff8a309d98Lower Device Driver Name: \Driver\atapi\Driver name found: atapiDriverEntry returned 0x0Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8a30cab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\Lower Device Object: 0xffffffff8a309940Lower Device Driver Name: \Driver\atapi\Driver name found: atapiDownloaded database version: v2013.01.06.01Downloaded database version: v2013.01.04.01Initializing...Done!<<<2>>>Device number: 0, partition: 1Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8a30cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a2d7b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a30cab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a31f9e8, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8a309940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\------------ End ----------Upper DeviceData: 0xffffffffe1eb07f8, 0xffffffff8a30cab8, 0xffffffff89c34850Lower DeviceData: 0xffffffffe1fb5468, 0xffffffff8a309940, 0xffffffff89c6e040<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\WINDOWS\system32\drivers...Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 292EDB50 Link to post Share on other sites More sharing options...
steveopevo Posted January 8, 2013 Author ID:631770 Share Posted January 8, 2013 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 586051137 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 300069052416 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...Physical Sector Size: 512Drive: 1, DevicePointer: 0xffffffff8a27dab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a280bc8, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a27dab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a327710, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8a309d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\------------ End ----------Upper DeviceData: 0xffffffffe1ddf5c0, 0xffffffff8a27dab8, 0xffffffff89c4c7e8Lower DeviceData: 0xffffffffe1f903c8, 0xffffffff8a309d98, 0xffffffff89cacbb8Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 1Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 625137282 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 320072933376 bytesSector size: 512 bytesDone!Performing system, memory and registry scan...Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)Done!Scan finished=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1011© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86Account is AdministrativeInternet Explorer version: 8.0.6001.18702Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 3.172000 GHzMemory total: 3488657408, free: 2740338688------------ Kernel report ------------ 01/07/2013 10:48:17------------ Loaded modules -----------\WINDOWS\system32\ntkrnlpa.exe\WINDOWS\system32\hal.dll\WINDOWS\system32\KDCOM.DLL\WINDOWS\system32\BOOTVID.dllTMEBC32.sysACPI.sys\WINDOWS\system32\DRIVERS\WMILIB.SYSpci.sysisapnp.syspciide.sys\WINDOWS\system32\DRIVERS\PCIIDEX.SYSMountMgr.sysftdisk.sysdmload.sysdmio.sysPartMgr.sysVolSnap.sysatapi.sysdisk.sys\WINDOWS\system32\DRIVERS\CLASSPNP.SYSfltmgr.syssr.sysKSecDD.sysNtfs.sysNDIS.sysMup.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\nv4_mini.sys\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS\SystemRoot\system32\DRIVERS\usbuhci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\redbook.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\DRIVERS\imapi.sys\SystemRoot\system32\DRIVERS\l151x86.sys\SystemRoot\system32\DRIVERS\fdc.sys\SystemRoot\system32\DRIVERS\ASACPI.sys\SystemRoot\system32\DRIVERS\serial.sys\SystemRoot\system32\DRIVERS\serenum.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\audstub.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\psched.sys\SystemRoot\system32\DRIVERS\msgpc.sys\SystemRoot\system32\DRIVERS\ptilink.sys\SystemRoot\system32\DRIVERS\raspti.sys\SystemRoot\system32\DRIVERS\rdpdr.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\update.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\drivers\RtkHDAud.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\flpydisk.sys\SystemRoot\System32\Drivers\Fs_Rec.SYS\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\WINDOWS\system32\drivers\avgtpx86.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\Drivers\mnmdd.SYS\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\rasacd.sys\SystemRoot\system32\DRIVERS\tmeext.sys\SystemRoot\system32\DRIVERS\ipsec.sys\SystemRoot\system32\DRIVERS\tcpip.sys\SystemRoot\system32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\ipnat.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\System32\drivers\afd.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\tmcomm.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\tmevtmgr.sys\SystemRoot\system32\DRIVERS\tmactmon.sys\SystemRoot\system32\DRIVERS\tmtdi.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\System32\Drivers\Fips.SYS\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\drivers\AsIO.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\usbprint.sys\SystemRoot\system32\DRIVERS\HPZius12.sys\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\HPZid412.sys\SystemRoot\system32\DRIVERS\HPZipr12.sys\SystemRoot\System32\Drivers\Cdfs.SYS\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\watchdog.sys\SystemRoot\System32\drivers\dxg.sys\SystemRoot\System32\drivers\dxgthk.sys\SystemRoot\System32\nv4_disp.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\drivers\wdmaud.sys\SystemRoot\system32\drivers\sysaudio.sys\SystemRoot\system32\DRIVERS\srv.sys\??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys\??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys\SystemRoot\System32\Drivers\HTTP.sys\SystemRoot\system32\DRIVERS\tmnciesc.sys\SystemRoot\system32\drivers\kmixer.sys\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys\WINDOWS\system32\ntdll.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk1\DR1Upper Device Object: 0xffffffff8a6a0ab8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-24\Lower Device Object: 0xffffffff8a691d98Lower Device Driver Name: \Driver\atapi\Driver name found: atapiDriverEntry returned 0x0Function returned 0x0<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff8a6a0030Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-19\Lower Device Object: 0xffffffff8a6a1940Lower Device Driver Name: \Driver\atapi\Driver name found: atapiDownloaded database version: v2013.01.06.02Downloaded database version: v2013.01.06.03Downloaded database version: v2013.01.06.04Downloaded database version: v2013.01.06.05Downloaded database version: v2013.01.06.06Downloaded database version: v2013.01.06.07Downloaded database version: v2013.01.06.08Downloaded database version: v2013.01.07.01Downloaded database version: v2013.01.07.02Downloaded database version: v2013.01.07.03Downloaded database version: v2013.01.07.04Downloaded database version: v2013.01.07.05Downloaded database version: v2013.01.07.06Downloaded database version: v2013.01.07.07Initializing...Done!<<<2>>>Device number: 0, partition: 1Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff8a6a0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a6a4b70, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a6a0030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a6a39e8, DeviceName: \Device\00000077\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8a6a1940, DeviceName: \Device\Ide\IdeDeviceP2T0L0-19\, DriverName: \Driver\atapi\------------ End ----------Upper DeviceData: 0xffffffffe1191248, 0xffffffff8a6a0030, 0xffffffff8947d040Lower DeviceData: 0xffffffffe329a140, 0xffffffff8a6a1940, 0xffffffff8a44b040<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\WINDOWS\system32\drivers...Read File: File "C:\WINDOWS\system32\drivers\1394bus.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ALCXSENS.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\enum1394.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ASUSHWIO.SYS" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ulsata.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\ohci1394.sys" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)Done!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 292EDB50 Link to post Share on other sites More sharing options...
steveopevo Posted January 8, 2013 Author ID:631771 Share Posted January 8, 2013 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 586051137 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 300069052416 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-586052368-586072368)...Physical Sector Size: 512Drive: 1, DevicePointer: 0xffffffff8a6a0ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff8a67eb70, DeviceName: Unknown, DriverName: \Driver\PartMgr\DevicePointer: 0xffffffff8a6a0ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff8a6fa778, DeviceName: \Device\00000078\, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff8a691d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-24\, DriverName: \Driver\atapi\------------ End ----------Upper DeviceData: 0xffffffffe3083338, 0xffffffff8a6a0ab8, 0xffffffff893a9ab8Lower DeviceData: 0xffffffffe106ad00, 0xffffffff8a691d98, 0xffffffff898cf398Drive 1Scanning MBR on drive 1...Inspecting partition table:MBR Signature: 55AADisk Signature: 1Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 625137282 Partition file system is NTFS Partition is bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 320072933376 bytesSector size: 512 bytesDone!Performing system, memory and registry scan...Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files\185A8200-D52F-C9EE-60B7-4DDA2FF02B3F.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation\Diskeeper\EsmLog.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink\Analysis Results.c35f8eb5" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.OIS.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\Hx_1033_MValidator.Lck" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.EXCEL.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.GRAPH.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSE.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.MSTORE.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.POWERPNT.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.RIBBON.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.SETLANG.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help\MS.WINWORD.DEV.12.1033.hxn" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f1.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f2.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\Nero Container\f5.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\ISOWorkshop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{424BF06D-500E-42B4-80C6-F2DA6A9D21BE}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{4715A7E8-EBC5-4F37-8370-EE8C5B916770}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{679556DF-DAAD-4902-93F3-7CF46E275A03}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{9C1980FB-5C83-4871-A07A-85ED457F3727}{428995B5-27DE-41BB-97DB-FEF57894AD8B}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\Nero WaveEditor\{AEE4594F-85BF-4A32-AA5D-3EC6E9DF48D9}.pre" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\Direct3D.log" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\GCHWCfg.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-am.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-mtmpl.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Ahead\NeroVision\nve-vobmap.bin" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Amazon\MP3 Downloader\DownloadQueue.amz" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Garmin\Map Update\NETInstall.txt" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare\Ignore.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\AutoSweep.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\IObit\Advanced SystemCare V4\Ignore.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Leadertech\PowerRegister\PowerReg.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\CUSTOM.DIC" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Microsoft\UProof\ExcludeDictionaryEN0409.lex" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\Office Genuine Advantage\data\oaddin.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\CACHEDIR.TAG" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\uPlayer\ml.xspf" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Application Data\vlc\vlc-qt-interface.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)Read File: File "C:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)Read File: File "C:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)Read File: File "C:\$RECYCLE.BIN\S-1-5-21-40208656-2625371757-3102922668-1000\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perfci.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\login.cmd" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\Internet.evt" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q3N5L6RM\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WM240OST\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\NeroDigital.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\WININIT.INI" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroBackItUp.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroMediaHome.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroShowTime.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNNeroVision.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\UNRecode.cfg" is compressed (flags = 1)Read File: File "C:\WINDOWS\QUICKEN.INI" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\ICSharpCode.SharpZipLib\0.84.0.0__1b03e6acf1164f73\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\MicrosoftUpdateCatalogWebControl.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\swflash.inf" is compressed (flags = 1)Read File: File "C:\WINDOWS\Fonts\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)Read File: File "C:\WINDOWS\Installer\Microsoft.VC80.ATL.manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.mof.uninstall" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_regsql.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\csc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ieexec.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regsvcs.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ilasm.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\regasm.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\XPThemes.manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\webAdminNoNavBar.master" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInProcess32.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\AddInUtil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\csc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\DataSvcUtil.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\default.win32manifest" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\EdmGen.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v3.5\vbc.exe.config" is compressed (flags = 1)Read File: File "C:\WINDOWS\Tasks\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.dat" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Adobe\Updater6\bobcache.sig" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\shistory.im" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Statistics.xml" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1040.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\1050.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\27.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\28.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\30.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\33.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\35.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\CreativesFiles\36.gif" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\iMesh\Data\rjn.a92" is compressed (flags = 1)Read File: File "C:\Documents and Settings\NEIL'S\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)Done!Scan finished=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.01.0.1011© Malwarebytes Corporation 2011-2012OS version: 5.1.2600 Windows XP Service Pack 3 x86Account is AdministrativeInternet Explorer version: 8.0.6001.18702Java version: 1.6.0_26File system is: NTFSDisk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXEDCPU speed: 3.172000 GHzMemory total: 3488657408, free: 3046379520 Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 9, 2013 ID:631964 Share Posted January 9, 2013 Hello steveopevo,Please download to your Desktop:TDSSKiller.zip from here and extract it (right click on it => "Extract here").>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.Click Change parameters.Make sure you check the box Loaded modules.A window will popup and say Reboot is required. Please click Reboot now.Then click Change parameters again. Check the box Detect TDLFS file system.Click on the Start Scan button.If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. If you are asked to reboot the computer to complete the process, click on the Reboot Now button.Once the tool has finished, please click Report. Please copy and paste the contents of that log in your reply.Note: A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Link to post Share on other sites More sharing options...
steveopevo Posted January 9, 2013 Author ID:632160 Share Posted January 9, 2013 11:14:31.0609 2668 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:3511:14:32.0140 2668 ============================================================11:14:32.0140 2668 Current date / time: 2013/01/09 11:14:32.014011:14:32.0140 2668 SystemInfo:11:14:32.0140 2668 11:14:32.0140 2668 OS Version: 5.1.2600 ServicePack: 3.011:14:32.0140 2668 Product type: Workstation11:14:32.0140 2668 ComputerName: HOME11:14:32.0140 2668 UserName: NEIL'S11:14:32.0140 2668 Windows directory: C:\WINDOWS11:14:32.0140 2668 System windows directory: C:\WINDOWS11:14:32.0140 2668 Processor architecture: Intel x8611:14:32.0140 2668 Number of processors: 211:14:32.0140 2668 Page size: 0x100011:14:32.0140 2668 Boot type: Normal boot11:14:32.0140 2668 ============================================================11:14:33.0250 2668 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005411:14:33.0265 2668 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005411:14:33.0406 2668 ============================================================11:14:33.0406 2668 \Device\Harddisk0\DR0:11:14:33.0406 2668 MBR partitions:11:14:33.0406 2668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E4111:14:33.0406 2668 \Device\Harddisk1\DR1:11:14:33.0406 2668 MBR partitions:11:14:33.0406 2668 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D68211:14:33.0406 2668 ============================================================11:14:33.0421 2668 C: <-> \Device\Harddisk0\DR0\Partition111:14:33.0437 2668 F: <-> \Device\Harddisk1\DR1\Partition111:14:33.0437 2668 ============================================================11:14:33.0437 2668 Initialize success11:14:33.0437 2668 ============================================================11:14:59.0171 3464 Deinitialize success Link to post Share on other sites More sharing options...
steveopevo Posted January 9, 2013 Author ID:632166 Share Posted January 9, 2013 11:16:47.0031 3336 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:3511:16:47.0781 3336 ============================================================11:16:47.0781 3336 Current date / time: 2013/01/09 11:16:47.078111:16:47.0781 3336 SystemInfo:11:16:47.0781 3336 11:16:47.0781 3336 OS Version: 5.1.2600 ServicePack: 3.011:16:47.0781 3336 Product type: Workstation11:16:47.0781 3336 ComputerName: HOME11:16:47.0781 3336 UserName: NEIL'S11:16:47.0781 3336 Windows directory: C:\WINDOWS11:16:47.0781 3336 System windows directory: C:\WINDOWS11:16:47.0781 3336 Processor architecture: Intel x8611:16:47.0781 3336 Number of processors: 211:16:47.0781 3336 Page size: 0x100011:16:47.0781 3336 Boot type: Normal boot11:16:47.0781 3336 ============================================================11:16:48.0890 3336 BG loaded11:16:49.0218 3336 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005411:16:49.0218 3336 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005411:16:49.0234 3336 ============================================================11:16:49.0234 3336 \Device\Harddisk0\DR0:11:16:49.0234 3336 MBR partitions:11:16:49.0234 3336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EE6E4111:16:49.0234 3336 \Device\Harddisk1\DR1:11:16:49.0234 3336 MBR partitions:11:16:49.0234 3336 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D68211:16:49.0234 3336 ============================================================11:16:49.0281 3336 C: <-> \Device\Harddisk0\DR0\Partition111:16:49.0296 3336 F: <-> \Device\Harddisk1\DR1\Partition111:16:49.0296 3336 ============================================================11:16:49.0296 3336 Initialize success11:16:49.0296 3336 ============================================================11:17:13.0984 2952 ============================================================11:17:13.0984 2952 Scan started11:17:13.0984 2952 Mode: Manual; TDLFS;11:17:13.0984 2952 ============================================================11:17:14.0250 2952 ================ Scan system memory ========================11:17:14.0250 2952 System memory - ok11:17:14.0250 2952 ================ Scan services =============================11:17:14.0312 2952 A2DDA - ok11:17:14.0312 2952 Abiosdsk - ok11:17:14.0312 2952 abp480n5 - ok11:17:14.0328 2952 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys11:17:14.0328 2952 ACPI - ok11:17:14.0343 2952 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys11:17:14.0343 2952 ACPIEC - ok11:17:14.0375 2952 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe11:17:14.0375 2952 AdobeFlashPlayerUpdateSvc - ok11:17:14.0375 2952 adpu160m - ok11:17:14.0421 2952 [ 993F7B0BA5188A0007C085AA10257B8E ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe11:17:14.0421 2952 AdvancedSystemCareService6 - ok11:17:14.0437 2952 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys11:17:14.0437 2952 aec - ok11:17:14.0453 2952 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys11:17:14.0453 2952 AFD - ok11:17:14.0453 2952 Aha154x - ok11:17:14.0468 2952 aic78u2 - ok11:17:14.0468 2952 aic78xx - ok11:17:14.0484 2952 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll11:17:14.0484 2952 Alerter - ok11:17:14.0484 2952 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe11:17:14.0484 2952 ALG - ok11:17:14.0500 2952 AliIde - ok11:17:14.0500 2952 amsint - ok11:17:14.0546 2952 [ F52603B708438E39FF38475807A01CBC ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe11:17:14.0546 2952 Amsp - ok11:17:14.0562 2952 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll11:17:14.0562 2952 AppMgmt - ok11:17:14.0562 2952 asc - ok11:17:14.0562 2952 asc3350p - ok11:17:14.0578 2952 asc3550 - ok11:17:14.0578 2952 [ 663F2FB92608073824EE3106886120F3 ] AsIO C:\WINDOWS\system32\drivers\AsIO.sys11:17:14.0578 2952 AsIO - ok11:17:14.0625 2952 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe11:17:14.0640 2952 aspnet_state - ok11:17:14.0656 2952 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys11:17:14.0656 2952 AsyncMac - ok11:17:14.0671 2952 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys11:17:14.0671 2952 atapi - ok11:17:14.0687 2952 [ F43673D97B9DF66999C3DFA6E538EF5B ] AtcL001 C:\WINDOWS\system32\DRIVERS\l151x86.sys11:17:14.0687 2952 AtcL001 - ok11:17:14.0687 2952 Atdisk - ok11:17:14.0687 2952 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys11:17:14.0687 2952 Atmarpc - ok11:17:14.0703 2952 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll11:17:14.0703 2952 AudioSrv - ok11:17:14.0718 2952 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys11:17:14.0718 2952 audstub - ok11:17:14.0734 2952 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp C:\WINDOWS\system32\drivers\avgtpx86.sys11:17:14.0734 2952 avgtp - ok11:17:14.0734 2952 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys11:17:14.0750 2952 Beep - ok11:17:14.0765 2952 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll11:17:14.0781 2952 BITS - ok11:17:14.0796 2952 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll11:17:14.0796 2952 Browser - ok11:17:14.0812 2952 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys11:17:14.0812 2952 cbidf2k - ok11:17:14.0812 2952 cd20xrnt - ok11:17:14.0812 2952 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys11:17:14.0812 2952 Cdaudio - ok11:17:14.0828 2952 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys11:17:14.0828 2952 Cdfs - ok11:17:14.0828 2952 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys11:17:14.0828 2952 Cdrom - ok11:17:14.0843 2952 Changer - ok11:17:14.0859 2952 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe11:17:14.0859 2952 CiSvc - ok11:17:14.0859 2952 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe11:17:14.0859 2952 ClipSrv - ok11:17:14.0875 2952 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe11:17:14.0921 2952 clr_optimization_v2.0.50727_32 - ok11:17:14.0937 2952 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe11:17:14.0953 2952 clr_optimization_v4.0.30319_32 - ok11:17:14.0953 2952 CmdIde - ok11:17:14.0953 2952 COMSysApp - ok11:17:14.0953 2952 Cpqarray - ok11:17:14.0968 2952 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll11:17:14.0968 2952 CryptSvc - ok11:17:14.0968 2952 dac2w2k - ok11:17:14.0984 2952 dac960nt - ok11:17:15.0000 2952 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll11:17:15.0000 2952 DcomLaunch - ok11:17:15.0015 2952 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll11:17:15.0015 2952 Dhcp - ok11:17:15.0031 2952 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys11:17:15.0031 2952 Disk - ok11:17:15.0062 2952 [ A52E0EBF719F379EFD178C402B1AD7BB ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe11:17:15.0078 2952 Diskeeper - ok11:17:15.0078 2952 dmadmin - ok11:17:15.0109 2952 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys11:17:15.0125 2952 dmboot - ok11:17:15.0125 2952 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys11:17:15.0125 2952 dmio - ok11:17:15.0140 2952 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys11:17:15.0140 2952 dmload - ok11:17:15.0140 2952 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll11:17:15.0156 2952 dmserver - ok11:17:15.0156 2952 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys11:17:15.0156 2952 DMusic - ok11:17:15.0171 2952 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll11:17:15.0171 2952 Dnscache - ok11:17:15.0187 2952 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll11:17:15.0187 2952 Dot3svc - ok11:17:15.0187 2952 dpti2o - ok11:17:15.0203 2952 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys11:17:15.0203 2952 drmkaud - ok11:17:15.0218 2952 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll11:17:15.0218 2952 EapHost - ok11:17:15.0234 2952 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll11:17:15.0234 2952 ERSvc - ok11:17:15.0234 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe11:17:15.0234 2952 Eventlog - ok11:17:15.0250 2952 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll11:17:15.0265 2952 EventSystem - ok11:17:15.0265 2952 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys11:17:15.0265 2952 Fastfat - ok11:17:15.0296 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll11:17:15.0296 2952 FastUserSwitchingCompatibility - ok11:17:15.0312 2952 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys11:17:15.0312 2952 Fdc - ok11:17:15.0359 2952 [ 9200A69413D69AB86ADD9BC81960BE7B ] FileMonitor C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys11:17:15.0359 2952 FileMonitor - ok11:17:15.0375 2952 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys11:17:15.0375 2952 Fips - ok11:17:15.0390 2952 Fix-It Task Manager - ok11:17:15.0390 2952 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys11:17:15.0390 2952 Flpydisk - ok11:17:15.0406 2952 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys11:17:15.0421 2952 FltMgr - ok11:17:15.0437 2952 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe11:17:15.0437 2952 FontCache3.0.0.0 - ok11:17:15.0437 2952 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys11:17:15.0437 2952 Fs_Rec - ok11:17:15.0453 2952 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys11:17:15.0453 2952 Ftdisk - ok11:17:15.0453 2952 GMSIPCI - ok11:17:15.0468 2952 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys11:17:15.0468 2952 Gpc - ok11:17:15.0484 2952 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys11:17:15.0484 2952 HDAudBus - ok11:17:15.0515 2952 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll11:17:15.0515 2952 helpsvc - ok11:17:15.0531 2952 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll11:17:15.0531 2952 HidServ - ok11:17:15.0531 2952 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys11:17:15.0531 2952 hidusb - ok11:17:15.0546 2952 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll11:17:15.0546 2952 hkmsvc - ok11:17:15.0593 2952 [ C5F00D15AA15CB7F55A027FF75E44BB7 ] HP Port Resolver C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE11:17:15.0593 2952 HP Port Resolver - ok11:17:15.0609 2952 [ C5A288E4CEEF5A26D105117BAA3763AB ] HP Status Server C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE11:17:15.0609 2952 HP Status Server - ok11:17:15.0609 2952 hpn - ok11:17:15.0625 2952 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys11:17:15.0625 2952 HPZid412 - ok11:17:15.0640 2952 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys11:17:15.0640 2952 HPZipr12 - ok11:17:15.0640 2952 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys11:17:15.0640 2952 HPZius12 - ok11:17:15.0656 2952 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys11:17:15.0656 2952 HTTP - ok11:17:15.0671 2952 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll11:17:15.0671 2952 HTTPFilter - ok11:17:15.0671 2952 i2omgmt - ok11:17:15.0671 2952 i2omp - ok11:17:15.0671 2952 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys11:17:15.0671 2952 i8042prt - ok11:17:15.0718 2952 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe11:17:15.0718 2952 IDriverT - ok11:17:15.0734 2952 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe11:17:15.0750 2952 idsvc - ok11:17:15.0765 2952 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys11:17:15.0765 2952 Imapi - ok11:17:15.0796 2952 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe11:17:15.0812 2952 ImapiService - ok11:17:15.0875 2952 [ 8AE99EBE30E8338907361018D9030835 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe11:17:15.0875 2952 IMFservice - ok11:17:15.0890 2952 ini910u - ok11:17:16.0000 2952 [ 976BFBACF0099565B14810D4840CFC6F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys11:17:16.0015 2952 IntcAzAudAddService - ok11:17:16.0015 2952 IntelIde - ok11:17:16.0031 2952 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys11:17:16.0031 2952 intelppm - ok11:17:16.0046 2952 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys11:17:16.0046 2952 Ip6Fw - ok11:17:16.0062 2952 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys11:17:16.0062 2952 IpFilterDriver - ok11:17:16.0078 2952 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys11:17:16.0093 2952 IpInIp - ok11:17:16.0109 2952 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys11:17:16.0109 2952 IpNat - ok11:17:16.0109 2952 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys11:17:16.0109 2952 IPSec - ok11:17:16.0125 2952 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys11:17:16.0125 2952 IRENUM - ok11:17:16.0140 2952 [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir C:\WINDOWS\system32\DRIVERS\irsir.sys11:17:16.0140 2952 irsir - ok11:17:16.0156 2952 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys11:17:16.0156 2952 isapnp - ok11:17:16.0203 2952 [ 9DBA73C2F1E76EC4CB837E67C5743596 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe11:17:16.0203 2952 JavaQuickStarterService - ok11:17:16.0218 2952 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys11:17:16.0218 2952 Kbdclass - ok11:17:16.0218 2952 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys11:17:16.0218 2952 kbdhid - ok11:17:16.0218 2952 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys11:17:16.0218 2952 kmixer - ok11:17:16.0234 2952 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys11:17:16.0234 2952 KSecDD - ok11:17:16.0250 2952 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll11:17:16.0250 2952 lanmanserver - ok11:17:16.0265 2952 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll11:17:16.0265 2952 lanmanworkstation - ok11:17:16.0265 2952 lbrtfdc - ok11:17:16.0265 2952 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll11:17:16.0281 2952 LmHosts - ok11:17:16.0281 2952 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll11:17:16.0281 2952 Messenger - ok11:17:16.0296 2952 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys11:17:16.0296 2952 mnmdd - ok11:17:16.0328 2952 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe11:17:16.0328 2952 mnmsrvc - ok11:17:16.0343 2952 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys11:17:16.0343 2952 Modem - ok11:17:16.0359 2952 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys11:17:16.0359 2952 Mouclass - ok11:17:16.0390 2952 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys11:17:16.0390 2952 mouhid - ok11:17:16.0390 2952 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys11:17:16.0390 2952 MountMgr - ok11:17:16.0406 2952 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe11:17:16.0406 2952 MozillaMaintenance - ok11:17:16.0406 2952 mraid35x - ok11:17:16.0421 2952 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys11:17:16.0421 2952 MRxDAV - ok11:17:16.0468 2952 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys11:17:16.0468 2952 MRxSmb - ok11:17:16.0484 2952 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe11:17:16.0484 2952 MSDTC - ok11:17:16.0500 2952 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys11:17:16.0500 2952 Msfs - ok11:17:16.0500 2952 MSICPL - ok11:17:16.0500 2952 MSIServer - ok11:17:16.0515 2952 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys11:17:16.0515 2952 MSKSSRV - ok11:17:16.0531 2952 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys11:17:16.0531 2952 MSPCLOCK - ok11:17:16.0546 2952 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys11:17:16.0546 2952 MSPQM - ok11:17:16.0562 2952 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys11:17:16.0562 2952 mssmbios - ok11:17:16.0578 2952 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys11:17:16.0578 2952 MTsensor - ok11:17:16.0593 2952 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys11:17:16.0593 2952 Mup - ok11:17:16.0625 2952 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll11:17:16.0640 2952 napagent - ok11:17:16.0703 2952 [ 3BAE2BFCB6D69E19C8373F635DD544DC ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe11:17:16.0734 2952 NBService - ok11:17:16.0765 2952 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys11:17:16.0781 2952 NDIS - ok11:17:16.0796 2952 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys11:17:16.0796 2952 NdisTapi - ok11:17:16.0796 2952 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys11:17:16.0796 2952 Ndisuio - ok11:17:16.0812 2952 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys11:17:16.0828 2952 NdisWan - ok11:17:16.0828 2952 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys11:17:16.0828 2952 NDProxy - ok11:17:16.0843 2952 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys11:17:16.0843 2952 NetBIOS - ok11:17:16.0859 2952 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys11:17:16.0859 2952 NetBT - ok11:17:16.0875 2952 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe11:17:16.0890 2952 NetDDE - ok11:17:16.0890 2952 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe11:17:16.0890 2952 NetDDEdsdm - ok11:17:16.0906 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe11:17:16.0906 2952 Netlogon - ok11:17:16.0921 2952 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll11:17:16.0921 2952 Netman - ok11:17:16.0937 2952 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe11:17:16.0937 2952 NetTcpPortSharing - ok11:17:16.0953 2952 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll11:17:16.0953 2952 Nla - ok11:17:17.0015 2952 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe11:17:17.0031 2952 NMIndexingService - ok11:17:17.0046 2952 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINDOWS\system32\drivers\npf.sys11:17:17.0062 2952 NPF - ok11:17:17.0062 2952 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys11:17:17.0062 2952 Npfs - ok11:17:17.0062 2952 NTACCESS - ok11:17:17.0093 2952 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys11:17:17.0125 2952 Ntfs - ok11:17:17.0125 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe11:17:17.0125 2952 NtLmSsp - ok11:17:17.0140 2952 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll11:17:17.0156 2952 NtmsSvc - ok11:17:17.0156 2952 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys11:17:17.0156 2952 Null - ok11:17:17.0421 2952 [ ED9816DBAF6689542EA7D022631906A1 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys11:17:17.0453 2952 nv - ok11:17:17.0484 2952 [ A2322C6207EBB0761A6C8CC9003EBACF ] NVSvc C:\WINDOWS\system32\nvsvc32.exe11:17:17.0484 2952 NVSvc - ok11:17:17.0500 2952 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys11:17:17.0515 2952 NwlnkFlt - ok11:17:17.0531 2952 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys11:17:17.0531 2952 NwlnkFwd - ok11:17:17.0593 2952 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE11:17:17.0593 2952 odserv - ok11:17:17.0625 2952 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE11:17:17.0625 2952 ose - ok11:17:17.0640 2952 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys11:17:17.0640 2952 Parport - ok11:17:17.0656 2952 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys11:17:17.0656 2952 PartMgr - ok11:17:17.0671 2952 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys11:17:17.0671 2952 ParVdm - ok11:17:17.0671 2952 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys11:17:17.0671 2952 PCI - ok11:17:17.0671 2952 PCIDump - ok11:17:17.0687 2952 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys11:17:17.0687 2952 PCIIde - ok11:17:17.0703 2952 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys11:17:17.0718 2952 Pcmcia - ok11:17:17.0718 2952 PDCOMP - ok11:17:17.0718 2952 PDFRAME - ok11:17:17.0718 2952 PDRELI - ok11:17:17.0718 2952 PDRFRAME - ok11:17:17.0718 2952 perc2 - ok11:17:17.0718 2952 perc2hib - ok11:17:17.0734 2952 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe11:17:17.0734 2952 PLFlash DeviceIoControl Service - ok11:17:17.0750 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe11:17:17.0750 2952 PlugPlay - ok11:17:17.0765 2952 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe11:17:17.0765 2952 Pml Driver HPZ12 - ok11:17:17.0765 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe11:17:17.0765 2952 PolicyAgent - ok11:17:17.0781 2952 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys11:17:17.0781 2952 PptpMiniport - ok11:17:17.0781 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe11:17:17.0781 2952 ProtectedStorage - ok11:17:17.0781 2952 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys11:17:17.0781 2952 PSched - ok11:17:17.0796 2952 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys11:17:17.0796 2952 Ptilink - ok11:17:17.0796 2952 ql1080 - ok11:17:17.0796 2952 Ql10wnt - ok11:17:17.0796 2952 ql12160 - ok11:17:17.0796 2952 ql1240 - ok11:17:17.0796 2952 ql1280 - ok11:17:17.0812 2952 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys11:17:17.0812 2952 RasAcd - ok11:17:17.0843 2952 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll11:17:17.0843 2952 RasAuto - ok11:17:17.0859 2952 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys11:17:17.0875 2952 Rasirda - ok11:17:17.0875 2952 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys11:17:17.0875 2952 Rasl2tp - ok11:17:17.0890 2952 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll11:17:17.0890 2952 RasMan - ok11:17:17.0890 2952 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys11:17:17.0890 2952 RasPppoe - ok11:17:17.0906 2952 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys11:17:17.0906 2952 Raspti - ok11:17:17.0937 2952 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys11:17:17.0937 2952 Rdbss - ok11:17:17.0953 2952 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys11:17:17.0953 2952 RDPCDD - ok11:17:17.0968 2952 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys11:17:17.0968 2952 rdpdr - ok11:17:17.0984 2952 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys11:17:17.0984 2952 RDPWD - ok11:17:18.0000 2952 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe11:17:18.0000 2952 RDSessMgr - ok11:17:18.0015 2952 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys11:17:18.0015 2952 redbook - ok11:17:18.0015 2952 [ D03FA5EC6B855FEE1EE16C5B0C0BA42C ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys11:17:18.0015 2952 RegFilter - ok11:17:18.0031 2952 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll11:17:18.0031 2952 RemoteAccess - ok11:17:18.0046 2952 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll11:17:18.0046 2952 RemoteRegistry - ok11:17:18.0062 2952 [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe11:17:18.0062 2952 rpcapd - ok11:17:18.0078 2952 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe11:17:18.0078 2952 RpcLocator - ok11:17:18.0093 2952 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll11:17:18.0093 2952 RpcSs - ok11:17:18.0109 2952 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe11:17:18.0109 2952 RSVP - ok11:17:18.0125 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe11:17:18.0125 2952 SamSs - ok11:17:18.0125 2952 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe11:17:18.0140 2952 SCardSvr - ok11:17:18.0156 2952 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll11:17:18.0156 2952 Schedule - ok11:17:18.0250 2952 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe11:17:18.0250 2952 SDScannerService - ok11:17:18.0843 2952 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe11:17:18.0875 2952 SDUpdateService - ok11:17:18.0906 2952 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe11:17:18.0921 2952 SDWSCService - ok11:17:19.0187 2952 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys11:17:19.0203 2952 Secdrv - ok11:17:19.0218 2952 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll11:17:19.0218 2952 seclogon - ok11:17:19.0312 2952 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll11:17:19.0312 2952 SENS - ok11:17:19.0421 2952 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys11:17:19.0421 2952 serenum - ok11:17:19.0468 2952 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys11:17:19.0484 2952 Serial - ok11:17:19.0484 2952 SetupNTGLM7X - ok11:17:19.0500 2952 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys11:17:19.0500 2952 Sfloppy - ok11:17:19.0703 2952 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll11:17:19.0703 2952 SharedAccess - ok11:17:19.0750 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll11:17:19.0750 2952 ShellHWDetection - ok11:17:19.0750 2952 Simbad - ok11:17:19.0765 2952 Sparrow - ok11:17:19.0781 2952 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys11:17:19.0781 2952 splitter - ok11:17:19.0796 2952 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe11:17:19.0812 2952 Spooler - ok11:17:19.0843 2952 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys11:17:19.0843 2952 sr - ok11:17:19.0875 2952 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll11:17:19.0875 2952 srservice - ok11:17:19.0906 2952 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys11:17:19.0906 2952 Srv - ok11:17:19.0921 2952 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll11:17:19.0921 2952 SSDPSRV - ok11:17:19.0968 2952 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll11:17:19.0984 2952 stisvc - ok11:17:20.0000 2952 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys11:17:20.0000 2952 swenum - ok11:17:20.0015 2952 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys11:17:20.0015 2952 swmidi - ok11:17:20.0015 2952 SwPrv - ok11:17:20.0015 2952 symc810 - ok11:17:20.0031 2952 symc8xx - ok11:17:20.0031 2952 sym_hi - ok11:17:20.0031 2952 sym_u3 - ok11:17:20.0031 2952 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys11:17:20.0031 2952 sysaudio - ok11:17:20.0046 2952 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe11:17:20.0046 2952 SysmonLog - ok11:17:20.0062 2952 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll11:17:20.0078 2952 TapiSrv - ok11:17:20.0109 2952 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys11:17:20.0109 2952 Tcpip - ok11:17:20.0125 2952 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys11:17:20.0140 2952 TDPIPE - ok11:17:20.0156 2952 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys11:17:20.0156 2952 TDTCP - ok11:17:20.0171 2952 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys11:17:20.0171 2952 TermDD - ok11:17:20.0218 2952 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll11:17:20.0234 2952 TermService - ok11:17:20.0234 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll11:17:20.0234 2952 Themes - ok11:17:20.0250 2952 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe11:17:20.0250 2952 TlntSvr - ok11:17:20.0281 2952 [ D0B08F941C0B06846533C6A38DD09B22 ] tmactmon C:\WINDOWS\system32\DRIVERS\tmactmon.sys11:17:20.0281 2952 tmactmon - ok11:17:20.0421 2952 [ 0C9ACEF23B537D6E8B1373C98D066B1C ] tmcomm C:\WINDOWS\system32\DRIVERS\tmcomm.sys11:17:20.0421 2952 tmcomm - ok11:17:20.0437 2952 [ 21992E703051934DCFA6D1477B12FC41 ] TMEBC C:\WINDOWS\system32\DRIVERS\TMEBC32.sys11:17:20.0437 2952 TMEBC - ok11:17:20.0453 2952 [ 7AC66D3A5BA87C6CD16B457A3786DF64 ] tmeext C:\WINDOWS\system32\DRIVERS\tmeext.sys11:17:20.0453 2952 tmeext - ok11:17:20.0468 2952 [ 63828FBD740F178DE2E2D42C3136FDEE ] tmevtmgr C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys11:17:20.0468 2952 tmevtmgr - ok11:17:20.0468 2952 [ 0C40396F071A8092964C8DC951F62B17 ] tmnciesc C:\WINDOWS\system32\DRIVERS\tmnciesc.sys11:17:20.0484 2952 tmnciesc - ok11:17:20.0500 2952 [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys11:17:20.0500 2952 tmtdi - ok11:17:20.0500 2952 TosIde - ok11:17:20.0515 2952 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll11:17:20.0515 2952 TrkWks - ok11:17:20.0671 2952 [ 118EDC3E712FF83CE25612081A69075D ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe11:17:20.0687 2952 TuneUp.UtilitiesSvc - ok11:17:20.0687 2952 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys11:17:20.0703 2952 TuneUpUtilitiesDrv - ok11:17:20.0718 2952 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys11:17:20.0718 2952 Udfs - ok11:17:20.0718 2952 ultra - ok11:17:20.0828 2952 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys11:17:20.0828 2952 Update - ok11:17:20.0859 2952 [ 3F9A3232E5F942874488981F3242C989 ] UPHClean C:\Program Files\UPHClean\uphclean.exe11:17:20.0859 2952 UPHClean - ok11:17:20.0875 2952 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll11:17:20.0875 2952 upnphost - ok11:17:20.0890 2952 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe11:17:20.0906 2952 UPS - ok11:17:20.0921 2952 [ CB41CD653916362CA5ECD242382A156E ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys11:17:20.0921 2952 UrlFilter - ok11:17:20.0937 2952 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys11:17:20.0937 2952 usbccgp - ok11:17:20.0953 2952 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys11:17:20.0953 2952 usbehci - ok11:17:20.0968 2952 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys11:17:20.0968 2952 usbhub - ok11:17:20.0984 2952 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys11:17:20.0984 2952 usbprint - ok11:17:21.0000 2952 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS11:17:21.0000 2952 USBSTOR - ok11:17:21.0015 2952 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys11:17:21.0015 2952 usbuhci - ok11:17:21.0046 2952 [ 24F51FBA322F06A3E336C301025D6D12 ] UxTuneUp C:\WINDOWS\System32\uxtuneup.dll11:17:21.0046 2952 UxTuneUp - ok11:17:21.0062 2952 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys11:17:21.0062 2952 VgaSave - ok11:17:21.0062 2952 ViaIde - ok11:17:21.0093 2952 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys11:17:21.0109 2952 VolSnap - ok11:17:21.0218 2952 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe11:17:21.0234 2952 VSS - ok11:17:21.0359 2952 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe11:17:21.0359 2952 vToolbarUpdater13.2.0 - ok11:17:21.0437 2952 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll11:17:21.0437 2952 W32Time - ok11:17:21.0453 2952 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys11:17:21.0453 2952 Wanarp - ok11:17:21.0453 2952 WDICA - ok11:17:21.0484 2952 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys11:17:21.0484 2952 wdmaud - ok11:17:21.0515 2952 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll11:17:21.0515 2952 WebClient - ok11:17:21.0562 2952 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll11:17:21.0562 2952 winmgmt - ok11:17:21.0593 2952 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll11:17:21.0609 2952 WinRM - ok11:17:21.0625 2952 [ 051B1BDECD6DEE18C771B5D5EC7F044D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll11:17:21.0640 2952 WmdmPmSN - ok11:17:21.0687 2952 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll11:17:21.0687 2952 Wmi - ok11:17:21.0703 2952 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe11:17:21.0718 2952 WmiApSrv - ok11:17:21.0765 2952 [ 6BAB4DC65515A098505F8B3D01FB6FE5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe11:17:21.0796 2952 WMPNetworkSvc - ok11:17:21.0859 2952 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe11:17:21.0875 2952 WPFFontCache_v0400 - ok11:17:21.0921 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(1) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys11:17:21.0921 2952 WsAudio_DeviceS(1) - ok11:17:21.0937 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(2) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys11:17:21.0937 2952 WsAudio_DeviceS(2) - ok11:17:21.0953 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(3) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys11:17:21.0953 2952 WsAudio_DeviceS(3) - ok11:17:21.0968 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(4) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys11:17:21.0984 2952 WsAudio_DeviceS(4) - ok11:17:22.0000 2952 [ 4160CBE59D9B5BE22E4C3897E8DB9D56 ] WsAudio_DeviceS(5) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys11:17:22.0000 2952 WsAudio_DeviceS(5) - ok11:17:22.0015 2952 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll11:17:22.0031 2952 wscsvc - ok11:17:22.0046 2952 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll11:17:22.0046 2952 wuauserv - ok11:17:22.0062 2952 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys11:17:22.0062 2952 WudfPf - ok11:17:22.0062 2952 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys11:17:22.0062 2952 WudfRd - ok11:17:22.0078 2952 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll11:17:22.0109 2952 WudfSvc - ok11:17:22.0187 2952 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll11:17:22.0187 2952 WZCSVC - ok11:17:22.0203 2952 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll11:17:22.0218 2952 xmlprov - ok11:17:22.0218 2952 ================ Scan global ===============================11:17:22.0234 2952 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll11:17:22.0250 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll11:17:22.0265 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll11:17:22.0281 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe11:17:22.0281 2952 [Global] - ok11:17:22.0281 2952 ================ Scan MBR ==================================11:17:22.0296 2952 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR011:17:22.0781 2952 \Device\Harddisk0\DR0 - ok11:17:22.0796 2952 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR111:17:23.0015 2952 \Device\Harddisk1\DR1 - ok11:17:23.0015 2952 ================ Scan VBR ==================================11:17:23.0015 2952 [ C593EAFFA0EC925B070596C4D76C0F8A ] \Device\Harddisk0\DR0\Partition111:17:23.0015 2952 \Device\Harddisk0\DR0\Partition1 - ok11:17:23.0015 2952 [ C86D8448686A33EF77E5B847E8C484A9 ] \Device\Harddisk1\DR1\Partition111:17:23.0015 2952 \Device\Harddisk1\DR1\Partition1 - ok11:17:23.0015 2952 ================ Scan active images ========================11:17:23.0015 2952 [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys11:17:23.0015 2952 C:\WINDOWS\system32\drivers\intelppm.sys - ok11:17:23.0015 2952 [ ED9816DBAF6689542EA7D022631906A1 ] C:\WINDOWS\system32\drivers\nv4_mini.sys11:17:23.0015 2952 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok11:17:23.0031 2952 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\videoprt.sys - ok11:17:23.0031 2952 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbport.sys - ok11:17:23.0031 2952 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] C:\WINDOWS\system32\drivers\usbuhci.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbuhci.sys - ok11:17:23.0031 2952 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\usbehci.sys - ok11:17:23.0031 2952 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok11:17:23.0031 2952 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\cdrom.sys - ok11:17:23.0031 2952 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\ks.sys - ok11:17:23.0031 2952 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\imapi.sys - ok11:17:23.0031 2952 [ F43673D97B9DF66999C3DFA6E538EF5B ] C:\WINDOWS\system32\drivers\l151x86.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\l151x86.sys - ok11:17:23.0031 2952 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\redbook.sys - ok11:17:23.0031 2952 [ D48659BB24C48345D926ECB45C1EBDF5 ] C:\WINDOWS\system32\drivers\ASACPI.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\ASACPI.sys - ok11:17:23.0031 2952 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\fdc.sys - ok11:17:23.0031 2952 [ 4A0B06AA8943C1E332520F7440C0AA30 ] C:\WINDOWS\system32\drivers\i8042prt.sys11:17:23.0031 2952 C:\WINDOWS\system32\drivers\i8042prt.sys - ok11:17:23.0046 2952 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys11:17:23.0046 2952 C:\WINDOWS\system32\drivers\serenum.sys - ok11:17:23.0046 2952 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys11:17:23.0046 2952 C:\WINDOWS\system32\drivers\serial.sys - ok11:17:23.0046 2952 [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys11:17:23.0046 2952 C:\WINDOWS\system32\drivers\audstub.sys - ok11:17:23.0046 2952 [ 463C1EC80CD17420A542B7F36A36F128 ] C:\WINDOWS\system32\drivers\kbdclass.sys11:17:23.0046 2952 C:\WINDOWS\system32\drivers\kbdclass.sys - ok11:17:23.0046 2952 [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys11:17:23.0046 2952 C:\WINDOWS\system32\drivers\ndistapi.sys - ok11:17:23.0046 2952 [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys11:17:23.0046 2952 C:\WINDOWS\system32\drivers\ndiswan.sys - ok11:17:23.0046 2952 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys11:17:23.0046 2952 C:\WINDOWS\system32\drivers\rasl2tp.sys - ok11:17:23.0046 2952 [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys11:17:23.0046 2952 C:\WINDOWS\system32\drivers\raspppoe.sys - ok11:17:23.0046 2952 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys11:17:23.0046 2952 C:\WINDOWS\system32\drivers\msgpc.sys - ok11:17:23.0046 2952 [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys11:17:23.0046 2952 C:\WINDOWS\system32\drivers\psched.sys - ok11:17:23.0046 2952 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys11:17:23.0046 2952 C:\WINDOWS\system32\drivers\raspptp.sys - ok11:17:23.0062 2952 [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\tdi.sys - ok11:17:23.0062 2952 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\ptilink.sys - ok11:17:23.0062 2952 [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\raspti.sys - ok11:17:23.0062 2952 [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\rdpdr.sys - ok11:17:23.0062 2952 [ 35C9E97194C8CFB8430125F8DBC34D04 ] C:\WINDOWS\system32\drivers\mouclass.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\mouclass.sys - ok11:17:23.0062 2952 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\swenum.sys - ok11:17:23.0062 2952 [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\termdd.sys - ok11:17:23.0062 2952 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\update.sys - ok11:17:23.0062 2952 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\mssmbios.sys - ok11:17:23.0062 2952 [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\ndproxy.sys - ok11:17:23.0062 2952 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\usbd.sys - ok11:17:23.0062 2952 [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys11:17:23.0062 2952 C:\WINDOWS\system32\drivers\usbhub.sys - ok11:17:23.0078 2952 [ 6CB08593487F5701D2D2254E693EAFCE ] C:\WINDOWS\system32\drivers\drmk.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\drmk.sys - ok11:17:23.0078 2952 [ E82A496C3961EFC6828B508C310CE98F ] C:\WINDOWS\system32\drivers\portcls.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\portcls.sys - ok11:17:23.0078 2952 [ 976BFBACF0099565B14810D4840CFC6F ] C:\WINDOWS\system32\drivers\RtkHDAud.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\RtkHDAud.sys - ok11:17:23.0078 2952 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\flpydisk.sys - ok11:17:23.0078 2952 [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] C:\WINDOWS\system32\drivers\avgtpx86.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\avgtpx86.sys - ok11:17:23.0078 2952 [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\beep.sys - ok11:17:23.0078 2952 [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\cdaudio.sys - ok11:17:23.0078 2952 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\fs_rec.sys - ok11:17:23.0078 2952 [ 96ECCF28FDBF1B2CC12725818A63628D ] C:\WINDOWS\system32\drivers\hidparse.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\hidparse.sys - ok11:17:23.0078 2952 [ 9EF487A186DEA361AA06913A75B3FA99 ] C:\WINDOWS\system32\drivers\kbdhid.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\kbdhid.sys - ok11:17:23.0078 2952 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\null.sys - ok11:17:23.0078 2952 [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys11:17:23.0078 2952 C:\WINDOWS\system32\drivers\sfloppy.sys - ok11:17:23.0093 2952 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys11:17:23.0093 2952 C:\WINDOWS\system32\drivers\vga.sys - ok11:17:23.0093 2952 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys11:17:23.0093 2952 C:\WINDOWS\system32\drivers\mnmdd.sys - ok11:17:23.0093 2952 [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys11:17:23.0093 2952 C:\WINDOWS\system32\drivers\msfs.sys - ok11:17:23.0093 2952 [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys11:17:23.0093 2952 C:\WINDOWS\system32\drivers\rdpcdd.sys - ok11:17:23.0093 2952 [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys11:17:23.0093 2952 C:\WINDOWS\system32\drivers\ipsec.sys - ok11:17:23.0093 2952 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys11:17:23.0093 2952 C:\WINDOWS\system32\drivers\netbt.sys - ok11:17:23.0093 2952 [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys11:17:23.0093 2952 C:\WINDOWS\system32\drivers\npfs.sys - ok11:17:23.0093 2952 [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys11:17:23.0093 2952 C:\WINDOWS\system32\drivers\rasacd.sys - ok11:17:23.0093 2952 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys11:17:23.0093 2952 C:\WINDOWS\system32\drivers\tcpip.sys - ok11:17:23.0093 2952 [ 7AC66D3A5BA87C6CD16B457A3786DF64 ] C:\WINDOWS\system32\drivers\tmeext.sys11:17:23.0093 2952 C:\WINDOWS\system32\drivers\tmeext.sys - ok11:17:23.0093 2952 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys11:17:23.0093 2952 C:\WINDOWS\system32\drivers\afd.sys - ok11:17:23.0109 2952 [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys11:17:23.0109 2952 C:\WINDOWS\system32\drivers\ipnat.sys - ok11:17:23.0109 2952 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys11:17:23.0109 2952 C:\WINDOWS\system32\drivers\netbios.sys - ok11:17:23.0109 2952 [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys11:17:23.0109 2952 C:\WINDOWS\system32\drivers\wanarp.sys - ok11:17:23.0109 2952 [ 0C9ACEF23B537D6E8B1373C98D066B1C ] C:\WINDOWS\system32\drivers\tmcomm.sys11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmcomm.sys - ok11:17:23.0109 2952 [ 63828FBD740F178DE2E2D42C3136FDEE ] C:\WINDOWS\system32\drivers\tmevtmgr.sys11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmevtmgr.sys - ok11:17:23.0109 2952 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys11:17:23.0109 2952 C:\WINDOWS\system32\drivers\mrxsmb.sys - ok11:17:23.0109 2952 [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys11:17:23.0109 2952 C:\WINDOWS\system32\drivers\rdbss.sys - ok11:17:23.0109 2952 [ D0B08F941C0B06846533C6A38DD09B22 ] C:\WINDOWS\system32\drivers\tmactmon.sys11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmactmon.sys - ok11:17:23.0109 2952 [ 43C1B7C778B296D492AF6D2ABB2ECF7F ] C:\WINDOWS\system32\drivers\tmtdi.sys11:17:23.0109 2952 C:\WINDOWS\system32\drivers\tmtdi.sys - ok11:17:23.0109 2952 [ 663F2FB92608073824EE3106886120F3 ] C:\WINDOWS\system32\drivers\AsIO.sys11:17:23.0109 2952 C:\WINDOWS\system32\drivers\AsIO.sys - ok11:17:23.0109 2952 [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys11:17:23.0109 2952 C:\WINDOWS\system32\drivers\fips.sys - ok11:17:23.0109 2952 [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe11:17:23.0109 2952 C:\WINDOWS\system32\smss.exe - ok11:17:23.0109 2952 [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll11:17:23.0109 2952 C:\WINDOWS\system32\ntdll.dll - ok11:17:23.0125 2952 [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll11:17:23.0125 2952 C:\WINDOWS\system32\sfcfiles.dll - ok11:17:23.0125 2952 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys11:17:23.0125 2952 C:\WINDOWS\system32\drivers\cdfs.sys - ok11:17:23.0125 2952 [ 173F317CE0DB8E21322E71B7E60A27E8 ] C:\WINDOWS\system32\drivers\usbccgp.sys11:17:23.0125 2952 C:\WINDOWS\system32\drivers\usbccgp.sys - ok11:17:23.0125 2952 [ 1AF592532532A402ED7C060F6954004F ] C:\WINDOWS\system32\drivers\hidclass.sys11:17:23.0125 2952 C:\WINDOWS\system32\drivers\hidclass.sys - ok11:17:23.0125 2952 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] C:\WINDOWS\system32\drivers\hidusb.sys11:17:23.0125 2952 C:\WINDOWS\system32\drivers\hidusb.sys - ok11:17:23.0125 2952 [ B1C303E17FB9D46E87A98E4BA6769685 ] C:\WINDOWS\system32\drivers\mouhid.sys11:17:23.0125 2952 C:\WINDOWS\system32\drivers\mouhid.sys - ok11:17:23.0125 2952 [ ABCB05CCDBF03000354B9553820E39F8 ] C:\WINDOWS\system32\drivers\HPZius12.sys11:17:23.0125 2952 C:\WINDOWS\system32\drivers\HPZius12.sys - ok11:17:23.0125 2952 [ A717C8721046828520C9EDF31288FC00 ] C:\WINDOWS\system32\drivers\usbprint.sys11:17:23.0125 2952 C:\WINDOWS\system32\drivers\usbprint.sys - ok11:17:23.0125 2952 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] C:\WINDOWS\system32\drivers\HPZid412.sys11:17:23.0125 2952 C:\WINDOWS\system32\drivers\HPZid412.sys - ok11:17:23.0140 2952 [ 89F41658929393487B6B7D13C8528CE3 ] C:\WINDOWS\system32\drivers\HPZipr12.sys11:17:23.0140 2952 C:\WINDOWS\system32\drivers\HPZipr12.sys - ok11:17:23.0140 2952 [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys11:17:23.0140 2952 C:\WINDOWS\system32\drivers\dxapi.sys - ok11:17:23.0140 2952 [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys11:17:23.0140 2952 C:\WINDOWS\system32\watchdog.sys - ok11:17:23.0140 2952 [ F984CAE54E536681B209F7816D8F68DA ] C:\WINDOWS\system32\win32k.sys11:17:23.0140 2952 C:\WINDOWS\system32\win32k.sys - ok11:17:23.0140 2952 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll11:17:23.0140 2952 C:\WINDOWS\system32\basesrv.dll - ok11:17:23.0140 2952 [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll11:17:23.0140 2952 C:\WINDOWS\system32\csrsrv.dll - ok11:17:23.0140 2952 [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe11:17:23.0140 2952 C:\WINDOWS\system32\csrss.exe - ok11:17:23.0140 2952 [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll11:17:23.0140 2952 C:\WINDOWS\system32\gdi32.dll - ok11:17:23.0140 2952 [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll11:17:23.0140 2952 C:\WINDOWS\system32\kernel32.dll - ok11:17:23.0140 2952 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll11:17:23.0140 2952 C:\WINDOWS\system32\winsrv.dll - ok11:17:23.0140 2952 [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll11:17:23.0140 2952 C:\WINDOWS\system32\user32.dll - ok11:17:23.0140 2952 [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys11:17:23.0140 2952 C:\WINDOWS\system32\drivers\dxg.sys - ok11:17:23.0156 2952 [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys11:17:23.0156 2952 C:\WINDOWS\system32\drivers\dxgthk.sys - ok11:17:23.0156 2952 [ 2C9A151701878E18563447EB2C2B0516 ] C:\WINDOWS\system32\nv4_disp.dll11:17:23.0156 2952 C:\WINDOWS\system32\nv4_disp.dll - ok11:17:23.0156 2952 [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll11:17:23.0156 2952 C:\WINDOWS\system32\vga.dll - ok11:17:23.0156 2952 [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe11:17:23.0156 2952 C:\WINDOWS\system32\winlogon.exe - ok11:17:23.0156 2952 [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll11:17:23.0156 2952 C:\WINDOWS\system32\advapi32.dll - ok11:17:23.0156 2952 [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll11:17:23.0156 2952 C:\WINDOWS\system32\rpcrt4.dll - ok11:17:23.0156 2952 [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll11:17:23.0156 2952 C:\WINDOWS\system32\authz.dll - ok11:17:23.0156 2952 [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll11:17:23.0156 2952 C:\WINDOWS\system32\secur32.dll - ok11:17:23.0156 2952 [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll11:17:23.0156 2952 C:\WINDOWS\system32\crypt32.dll - ok11:17:23.0156 2952 [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll11:17:23.0156 2952 C:\WINDOWS\system32\msvcrt.dll - ok11:17:23.0156 2952 [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll11:17:23.0156 2952 C:\WINDOWS\system32\msasn1.dll - ok11:17:23.0156 2952 [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll11:17:23.0156 2952 C:\WINDOWS\system32\nddeapi.dll - ok11:17:23.0171 2952 [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll11:17:23.0171 2952 C:\WINDOWS\system32\profmap.dll - ok11:17:23.0171 2952 [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll11:17:23.0171 2952 C:\WINDOWS\system32\netapi32.dll - ok11:17:23.0171 2952 [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll11:17:23.0171 2952 C:\WINDOWS\system32\userenv.dll - ok11:17:23.0171 2952 [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll11:17:23.0171 2952 C:\WINDOWS\system32\psapi.dll - ok11:17:23.0171 2952 [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll11:17:23.0171 2952 C:\WINDOWS\system32\regapi.dll - ok11:17:23.0171 2952 [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll11:17:23.0171 2952 C:\WINDOWS\system32\setupapi.dll - ok11:17:23.0171 2952 [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll11:17:23.0171 2952 C:\WINDOWS\system32\version.dll - ok Link to post Share on other sites More sharing options...
steveopevo Posted January 9, 2013 Author ID:632174 Share Posted January 9, 2013 11:17:23.0171 2952 [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll11:17:23.0171 2952 C:\WINDOWS\system32\imagehlp.dll - ok11:17:23.0171 2952 [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll11:17:23.0171 2952 C:\WINDOWS\system32\winsta.dll - ok11:17:23.0171 2952 [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll11:17:23.0171 2952 C:\WINDOWS\system32\wintrust.dll - ok11:17:23.0171 2952 [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll11:17:23.0171 2952 C:\WINDOWS\system32\ws2help.dll - ok11:17:23.0171 2952 [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll11:17:23.0171 2952 C:\WINDOWS\system32\ws2_32.dll - ok11:17:23.0187 2952 [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll11:17:23.0187 2952 C:\WINDOWS\system32\imm32.dll - ok11:17:23.0187 2952 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll11:17:23.0187 2952 C:\WINDOWS\system32\kbdus.dll - ok11:17:23.0187 2952 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll11:17:23.0187 2952 C:\WINDOWS\system32\msgina.dll - ok11:17:23.0187 2952 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll11:17:23.0187 2952 C:\WINDOWS\system32\comctl32.dll - ok11:17:23.0187 2952 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll11:17:23.0187 2952 C:\WINDOWS\system32\comdlg32.dll - ok11:17:23.0187 2952 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll11:17:23.0187 2952 C:\WINDOWS\system32\odbc32.dll - ok11:17:23.0187 2952 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll11:17:23.0187 2952 C:\WINDOWS\system32\shell32.dll - ok11:17:23.0187 2952 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll11:17:23.0187 2952 C:\WINDOWS\system32\shlwapi.dll - ok11:17:23.0187 2952 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll11:17:23.0187 2952 C:\WINDOWS\system32\sxs.dll - ok11:17:23.0187 2952 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll11:17:23.0187 2952 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok11:17:23.0187 2952 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll11:17:23.0187 2952 C:\WINDOWS\system32\odbcint.dll - ok11:17:23.0187 2952 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll11:17:23.0187 2952 C:\WINDOWS\system32\sfc.dll - ok11:17:23.0203 2952 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll11:17:23.0203 2952 C:\WINDOWS\system32\sfc_os.dll - ok11:17:23.0203 2952 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll11:17:23.0203 2952 C:\WINDOWS\system32\shsvcs.dll - ok11:17:23.0203 2952 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll11:17:23.0203 2952 C:\WINDOWS\system32\ole32.dll - ok11:17:23.0203 2952 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll11:17:23.0203 2952 C:\WINDOWS\system32\apphelp.dll - ok11:17:23.0203 2952 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll11:17:23.0203 2952 C:\WINDOWS\system32\lsasrv.dll - ok11:17:23.0203 2952 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe11:17:23.0203 2952 C:\WINDOWS\system32\lsass.exe - ok11:17:23.0203 2952 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll11:17:23.0203 2952 C:\WINDOWS\system32\ncobjapi.dll - ok11:17:23.0203 2952 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe11:17:23.0203 2952 C:\WINDOWS\system32\services.exe - ok11:17:23.0203 2952 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll11:17:23.0203 2952 C:\WINDOWS\system32\msvcp60.dll - ok11:17:23.0203 2952 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll11:17:23.0203 2952 C:\WINDOWS\system32\mpr.dll - ok11:17:23.0203 2952 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll11:17:23.0203 2952 C:\WINDOWS\system32\scesrv.dll - ok11:17:23.0203 2952 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll11:17:23.0203 2952 C:\WINDOWS\system32\ntdsapi.dll - ok11:17:23.0218 2952 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll11:17:23.0218 2952 C:\WINDOWS\system32\umpnpmgr.dll - ok11:17:23.0218 2952 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll11:17:23.0218 2952 C:\WINDOWS\system32\dnsapi.dll - ok11:17:23.0218 2952 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll11:17:23.0218 2952 C:\WINDOWS\system32\shimeng.dll - ok11:17:23.0218 2952 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll11:17:23.0218 2952 C:\WINDOWS\system32\wldap32.dll - ok11:17:23.0218 2952 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll11:17:23.0218 2952 C:\WINDOWS\AppPatch\acadproc.dll - ok11:17:23.0218 2952 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll11:17:23.0218 2952 C:\WINDOWS\system32\samlib.dll - ok11:17:23.0218 2952 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll11:17:23.0218 2952 C:\WINDOWS\system32\samsrv.dll - ok11:17:23.0218 2952 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll11:17:23.0218 2952 C:\WINDOWS\system32\cryptdll.dll - ok11:17:23.0218 2952 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll11:17:23.0218 2952 C:\WINDOWS\AppPatch\acgenral.dll - ok11:17:23.0218 2952 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll11:17:23.0218 2952 C:\WINDOWS\system32\oleaut32.dll - ok11:17:23.0218 2952 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll11:17:23.0218 2952 C:\WINDOWS\system32\winmm.dll - ok11:17:23.0218 2952 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll11:17:23.0218 2952 C:\WINDOWS\system32\msacm32.dll - ok11:17:23.0234 2952 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll11:17:23.0234 2952 C:\WINDOWS\system32\uxtheme.dll - ok11:17:23.0234 2952 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll11:17:23.0234 2952 C:\WINDOWS\system32\msapsspc.dll - ok11:17:23.0234 2952 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll11:17:23.0234 2952 C:\WINDOWS\system32\msvcrt40.dll - ok11:17:23.0234 2952 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll11:17:23.0234 2952 C:\WINDOWS\system32\schannel.dll - ok11:17:23.0234 2952 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll11:17:23.0234 2952 C:\WINDOWS\system32\digest.dll - ok11:17:23.0234 2952 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll11:17:23.0234 2952 C:\WINDOWS\system32\msnsspc.dll - ok11:17:23.0234 2952 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll11:17:23.0234 2952 C:\WINDOWS\system32\kerberos.dll - ok11:17:23.0234 2952 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\msctfime.ime11:17:23.0234 2952 C:\WINDOWS\system32\msctfime.ime - ok11:17:23.0234 2952 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll11:17:23.0234 2952 C:\WINDOWS\system32\msprivs.dll - ok11:17:23.0234 2952 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll11:17:23.0234 2952 C:\WINDOWS\system32\msv1_0.dll - ok11:17:23.0234 2952 [ C11D10A3C164AC222BC9AAB3650A88B3 ] C:\WINDOWS\system32\atmfd.dll11:17:23.0234 2952 C:\WINDOWS\system32\atmfd.dll - ok11:17:23.0234 2952 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll11:17:23.0234 2952 C:\WINDOWS\system32\iphlpapi.dll - ok11:17:23.0250 2952 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll11:17:23.0250 2952 C:\WINDOWS\system32\netlogon.dll - ok11:17:23.0250 2952 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll11:17:23.0250 2952 C:\WINDOWS\system32\w32time.dll - ok11:17:23.0250 2952 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll11:17:23.0250 2952 C:\WINDOWS\system32\wdigest.dll - ok11:17:23.0250 2952 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll11:17:23.0250 2952 C:\WINDOWS\system32\rsaenh.dll - ok11:17:23.0250 2952 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll11:17:23.0250 2952 C:\WINDOWS\system32\winscard.dll - ok11:17:23.0250 2952 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll11:17:23.0250 2952 C:\WINDOWS\system32\wtsapi32.dll - ok11:17:23.0250 2952 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll11:17:23.0250 2952 C:\WINDOWS\system32\scecli.dll - ok11:17:23.0250 2952 [ 993F7B0BA5188A0007C085AA10257B8E ] C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe11:17:23.0250 2952 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe - ok11:17:23.0250 2952 [ 26AA77FC855DC49E3FFD98BFB38904BE ] C:\Program Files\IObit\Advanced SystemCare 6\rtl120.bpl11:17:23.0250 2952 C:\Program Files\IObit\Advanced SystemCare 6\rtl120.bpl - ok11:17:23.0250 2952 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll11:17:23.0250 2952 C:\WINDOWS\system32\oleacc.dll - ok11:17:23.0250 2952 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll11:17:23.0250 2952 C:\WINDOWS\system32\wsock32.dll - ok11:17:23.0265 2952 [ B10E3287B7CB1060CD70B51B079A354D ] C:\Program Files\IObit\Advanced SystemCare 6\vcl120.bpl11:17:23.0265 2952 C:\Program Files\IObit\Advanced SystemCare 6\vcl120.bpl - ok11:17:23.0265 2952 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll11:17:23.0265 2952 C:\WINDOWS\system32\msimg32.dll - ok11:17:23.0265 2952 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv11:17:23.0265 2952 C:\WINDOWS\system32\winspool.drv - ok11:17:23.0265 2952 [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll11:17:23.0265 2952 C:\WINDOWS\system32\oledlg.dll - ok11:17:23.0265 2952 [ A2322C6207EBB0761A6C8CC9003EBACF ] C:\WINDOWS\system32\nvsvc32.exe11:17:23.0265 2952 C:\WINDOWS\system32\nvsvc32.exe - ok11:17:23.0265 2952 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll11:17:23.0265 2952 C:\WINDOWS\system32\powrprof.dll - ok11:17:23.0265 2952 [ 58A517026E5C8674A70B9B6650691EFE ] C:\WINDOWS\system32\nvcpl.dll11:17:23.0265 2952 C:\WINDOWS\system32\nvcpl.dll - ok11:17:23.0265 2952 [ 6A65DA7325CF33ACAA112DC2F70B0934 ] C:\WINDOWS\system32\nvapi.dll11:17:23.0265 2952 C:\WINDOWS\system32\nvapi.dll - ok11:17:23.0265 2952 [ 0AD786CEEFBD6D51B7D35788D83857B9 ] C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll11:17:23.0265 2952 C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll - ok11:17:23.0265 2952 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe11:17:23.0265 2952 C:\WINDOWS\system32\logonui.exe - ok11:17:23.0281 2952 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll11:17:23.0281 2952 C:\WINDOWS\system32\duser.dll - ok11:17:23.0281 2952 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll11:17:23.0281 2952 C:\WINDOWS\system32\clbcatq.dll - ok11:17:23.0281 2952 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll11:17:23.0281 2952 C:\WINDOWS\system32\comres.dll - ok11:17:23.0281 2952 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll11:17:23.0281 2952 C:\WINDOWS\system32\shgina.dll - ok11:17:23.0281 2952 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe11:17:23.0281 2952 C:\WINDOWS\system32\svchost.exe - ok11:17:23.0281 2952 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll11:17:23.0281 2952 C:\WINDOWS\system32\ntmarta.dll - ok11:17:23.0281 2952 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll11:17:23.0281 2952 C:\WINDOWS\system32\rpcss.dll - ok11:17:23.0281 2952 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll11:17:23.0281 2952 C:\WINDOWS\system32\xpsp2res.dll - ok11:17:23.0281 2952 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll11:17:23.0281 2952 C:\WINDOWS\system32\eventlog.dll - ok11:17:23.0281 2952 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll11:17:23.0281 2952 C:\WINDOWS\system32\mswsock.dll - ok11:17:23.0296 2952 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll11:17:23.0296 2952 C:\WINDOWS\system32\hnetcfg.dll - ok11:17:23.0296 2952 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll11:17:23.0296 2952 C:\WINDOWS\system32\winrnr.dll - ok11:17:23.0296 2952 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll11:17:23.0296 2952 C:\WINDOWS\system32\wshtcpip.dll - ok11:17:23.0296 2952 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll11:17:23.0296 2952 C:\WINDOWS\system32\rasadhlp.dll - ok11:17:23.0296 2952 [ 24F51FBA322F06A3E336C301025D6D12 ] C:\WINDOWS\system32\uxtuneup.dll11:17:23.0296 2952 C:\WINDOWS\system32\uxtuneup.dll - ok11:17:23.0296 2952 [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll11:17:23.0296 2952 C:\WINDOWS\system32\dbghelp.dll - ok11:17:23.0296 2952 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys11:17:23.0296 2952 C:\WINDOWS\system32\drivers\ndisuio.sys - ok11:17:23.0296 2952 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll11:17:23.0296 2952 C:\WINDOWS\system32\dhcpcsvc.dll - ok11:17:23.0296 2952 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll11:17:23.0296 2952 C:\WINDOWS\system32\cscdll.dll - ok11:17:23.0296 2952 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll11:17:23.0296 2952 C:\WINDOWS\system32\dimsntfy.dll - ok11:17:23.0296 2952 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll11:17:23.0296 2952 C:\WINDOWS\system32\dnsrslvr.dll - ok11:17:23.0296 2952 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll11:17:23.0296 2952 C:\WINDOWS\system32\wzcsvc.dll - ok11:17:23.0312 2952 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll11:17:23.0312 2952 C:\WINDOWS\system32\wlnotify.dll - ok11:17:23.0312 2952 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll11:17:23.0312 2952 C:\WINDOWS\system32\rtutils.dll - ok11:17:23.0312 2952 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll11:17:23.0312 2952 C:\WINDOWS\system32\wmi.dll - ok11:17:23.0312 2952 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll11:17:23.0312 2952 C:\WINDOWS\system32\eapolqec.dll - ok11:17:23.0312 2952 [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll11:17:23.0312 2952 C:\WINDOWS\system32\WgaLogon.dll - ok11:17:23.0312 2952 [ 72F2CFC7653FB5ABB85789D28E26A643 ] C:\WINDOWS\system32\atl.dll11:17:23.0312 2952 C:\WINDOWS\system32\atl.dll - ok11:17:23.0312 2952 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll11:17:23.0312 2952 C:\WINDOWS\system32\qutil.dll - ok11:17:23.0312 2952 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll11:17:23.0312 2952 C:\WINDOWS\system32\dot3api.dll - ok11:17:23.0312 2952 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll11:17:23.0312 2952 C:\WINDOWS\system32\esent.dll - ok11:17:23.0312 2952 [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll11:17:23.0312 2952 C:\WINDOWS\system32\msxml3.dll - ok11:17:23.0312 2952 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll11:17:23.0312 2952 C:\WINDOWS\system32\rastls.dll - ok11:17:23.0312 2952 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll11:17:23.0312 2952 C:\WINDOWS\system32\cryptui.dll - ok11:17:23.0328 2952 [ 9AD88EA663124336E88EB031F917CE20 ] C:\WINDOWS\system32\wininet.dll11:17:23.0328 2952 C:\WINDOWS\system32\wininet.dll - ok11:17:23.0328 2952 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll11:17:23.0328 2952 C:\WINDOWS\system32\normaliz.dll - ok11:17:23.0328 2952 [ BCA608797A3E8EEC0094CD6D596D77D7 ] C:\WINDOWS\system32\urlmon.dll11:17:23.0328 2952 C:\WINDOWS\system32\urlmon.dll - ok11:17:23.0328 2952 [ 994B77915EA49A467CDA144806AE42D6 ] C:\WINDOWS\system32\iertutil.dll11:17:23.0328 2952 C:\WINDOWS\system32\iertutil.dll - ok11:17:23.0328 2952 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll11:17:23.0328 2952 C:\WINDOWS\system32\mprapi.dll - ok11:17:23.0328 2952 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll11:17:23.0328 2952 C:\WINDOWS\system32\activeds.dll - ok11:17:23.0328 2952 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll11:17:23.0328 2952 C:\WINDOWS\system32\adsldpc.dll - ok11:17:23.0328 2952 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll11:17:23.0328 2952 C:\WINDOWS\system32\rasapi32.dll - ok11:17:23.0328 2952 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll11:17:23.0328 2952 C:\WINDOWS\system32\rasman.dll - ok11:17:23.0328 2952 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll11:17:23.0328 2952 C:\WINDOWS\system32\tapi32.dll - ok11:17:23.0328 2952 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll11:17:23.0328 2952 C:\WINDOWS\system32\riched20.dll - ok11:17:23.0328 2952 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll11:17:23.0328 2952 C:\WINDOWS\system32\raschap.dll - ok11:17:23.0343 2952 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll11:17:23.0343 2952 C:\WINDOWS\system32\schedsvc.dll - ok11:17:23.0343 2952 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll11:17:23.0343 2952 C:\WINDOWS\system32\msidle.dll - ok11:17:23.0343 2952 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll11:17:23.0343 2952 C:\WINDOWS\system32\cscui.dll - ok11:17:23.0343 2952 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe11:17:23.0343 2952 C:\WINDOWS\system32\spoolsv.exe - ok11:17:23.0343 2952 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll11:17:23.0343 2952 C:\WINDOWS\system32\audiosrv.dll - ok11:17:23.0343 2952 [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll11:17:23.0343 2952 C:\WINDOWS\system32\dpcdll.dll - ok11:17:23.0343 2952 [ 8AE99EBE30E8338907361018D9030835 ] C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe - ok11:17:23.0343 2952 [ DD82EB68D97944B192C7803EB585B03C ] C:\Program Files\IObit\IObit Malware Fighter\rtl120.bpl11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\rtl120.bpl - ok11:17:23.0343 2952 [ 773EBD87010A6F644869A59D98792C9C ] C:\Program Files\IObit\IObit Malware Fighter\vcl120.bpl11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\vcl120.bpl - ok11:17:23.0343 2952 [ 8A73E259446AEADF64EA884F2BCE4E69 ] C:\Program Files\IObit\IObit Malware Fighter\datastate.dll11:17:23.0343 2952 C:\Program Files\IObit\IObit Malware Fighter\datastate.dll - ok11:17:23.0343 2952 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe11:17:23.0343 2952 C:\WINDOWS\system32\userinit.exe - ok11:17:23.0359 2952 [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe11:17:23.0359 2952 C:\WINDOWS\system32\WgaTray.exe - ok11:17:23.0359 2952 [ 452DB84283EB2F043827AC95D62CE19C ] C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe11:17:23.0359 2952 C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe - ok11:17:23.0359 2952 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe11:17:23.0359 2952 C:\WINDOWS\explorer.exe - ok11:17:23.0359 2952 [ 4C867B62F6100C107A3A8F5E7A10461D ] C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl11:17:23.0359 2952 C:\Program Files\Spybot - Search & Destroy 2\rtl150.bpl - ok11:17:23.0359 2952 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll11:17:23.0359 2952 C:\WINDOWS\system32\browseui.dll - ok11:17:23.0359 2952 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll11:17:23.0359 2952 C:\WINDOWS\system32\cryptnet.dll - ok11:17:23.0359 2952 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll11:17:23.0359 2952 C:\WINDOWS\system32\sensapi.dll - ok11:17:23.0359 2952 [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll11:17:23.0359 2952 C:\WINDOWS\system32\shdocvw.dll - ok11:17:23.0359 2952 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll11:17:23.0359 2952 C:\WINDOWS\system32\winhttp.dll - ok11:17:23.0359 2952 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll11:17:23.0359 2952 C:\WINDOWS\system32\wkssvc.dll - ok11:17:23.0359 2952 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll11:17:23.0359 2952 C:\WINDOWS\system32\shfolder.dll - ok11:17:23.0359 2952 [ 3307A07B81206F354F0D4BEFEE922437 ] C:\WINDOWS\system32\LegitCheckControl.DLL11:17:23.0359 2952 C:\WINDOWS\system32\LegitCheckControl.DLL - ok11:17:23.0359 2952 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll11:17:23.0359 2952 C:\WINDOWS\system32\wbem\wbemprox.dll - ok11:17:23.0375 2952 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll11:17:23.0375 2952 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok11:17:23.0375 2952 [ D9AF104F7E21FA859EFA3C67E5522E88 ] C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vcl150.bpl - ok11:17:23.0375 2952 [ 9C2543A7AC524CAA63B26A16D4E3AD39 ] C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl - ok11:17:23.0375 2952 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl11:17:23.0375 2952 C:\WINDOWS\system32\desk.cpl - ok11:17:23.0375 2952 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll11:17:23.0375 2952 C:\WINDOWS\system32\themeui.dll - ok11:17:23.0375 2952 [ AEB9DD47B76075B05E27874384544F39 ] C:\Program Files\Spybot - Search & Destroy 2\vclie150.bpl11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vclie150.bpl - ok11:17:23.0375 2952 [ 5422CB64444C33F029483552A8FACE37 ] C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\vclx150.bpl - ok11:17:23.0375 2952 [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll11:17:23.0375 2952 C:\WINDOWS\system32\actxprxy.dll - ok11:17:23.0375 2952 [ FA27F4DF4015B22F04B5D18044A24322 ] C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl - ok11:17:23.0375 2952 [ 0FDABB1FD68CBC557084E16B0EA2F731 ] C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\snlBase150.bpl - ok11:17:23.0375 2952 [ 105ED75F4CEE9E58152061520DAA4ABD ] C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl11:17:23.0375 2952 C:\Program Files\Spybot - Search & Destroy 2\Jcl150.bpl - ok11:17:23.0375 2952 [ 86E99E1222E671408ED5E8618521AEEB ] C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl - ok11:17:23.0390 2952 [ 9244E0240A1D150581C3BAA89D8AA154 ] C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl - ok11:17:23.0390 2952 [ 4AA01BD5CC7DA9888AF33C5FAB5BF1DD ] C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\vclimg150.bpl - ok11:17:23.0390 2952 [ 8F220DCB4AA4B2A12ECE5B87C701170D ] C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl - ok11:17:23.0390 2952 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll11:17:23.0390 2952 C:\WINDOWS\system32\cabinet.dll - ok11:17:23.0390 2952 [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll11:17:23.0390 2952 C:\WINDOWS\system32\olepro32.dll - ok11:17:23.0390 2952 [ CA3B195D98BDBBB7D50C70372CF3005F ] C:\WINDOWS\system32\jsproxy.dll11:17:23.0390 2952 C:\WINDOWS\system32\jsproxy.dll - ok11:17:23.0390 2952 [ 22D71D1DB6FC789A1CE8AC6963580259 ] C:\WINDOWS\system32\hhctrl.ocx11:17:23.0390 2952 C:\WINDOWS\system32\hhctrl.ocx - ok11:17:23.0390 2952 [ 77A54BDFBAD4604E6131AE68E3CF76D6 ] C:\WINDOWS\system32\srclient.dll11:17:23.0390 2952 C:\WINDOWS\system32\srclient.dll - ok11:17:23.0390 2952 [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll11:17:23.0390 2952 C:\WINDOWS\system32\wbem\framedyn.dll - ok11:17:23.0390 2952 [ D21AB32F16E8DE67D45E5A383B5E52BA ] C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\ssleay32.dll - ok11:17:23.0390 2952 [ B009D6171147BE129636A49C4178E487 ] C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll11:17:23.0390 2952 C:\Program Files\Spybot - Search & Destroy 2\libeay32.dll - ok11:17:23.0406 2952 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll11:17:23.0406 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok11:17:23.0406 2952 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe11:17:23.0406 2952 C:\WINDOWS\system32\cmd.exe - ok11:17:23.0406 2952 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll11:17:23.0406 2952 C:\WINDOWS\system32\mscms.dll - ok11:17:23.0406 2952 [ 5677DFE438EC1F009273FC84FEED6B10 ] C:\WINDOWS\system32\localspl.dll11:17:23.0406 2952 C:\WINDOWS\system32\localspl.dll - ok11:17:23.0406 2952 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll11:17:23.0406 2952 C:\WINDOWS\system32\spoolss.dll - ok11:17:23.0406 2952 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll11:17:23.0406 2952 C:\WINDOWS\system32\cnbjmon.dll - ok11:17:23.0406 2952 [ 903C8C110131B8A71501514B61A17761 ] C:\WINDOWS\system32\ieframe.dll11:17:23.0406 2952 C:\WINDOWS\system32\ieframe.dll - ok11:17:23.0406 2952 [ 10F23AE633810BBE7FDA6999714BF166 ] C:\WINDOWS\system32\hpz3l43a.dll11:17:23.0406 2952 C:\WINDOWS\system32\hpz3l43a.dll - ok11:17:23.0406 2952 [ 222DE7F5EDB9DDBE628384A1A8BE59CE ] C:\WINDOWS\system32\pjlmon.dll11:17:23.0406 2952 C:\WINDOWS\system32\pjlmon.dll - ok11:17:23.0406 2952 [ AE0382AD9C73D343D85E1A50C80B7C20 ] C:\WINDOWS\system32\tcpmon.dll11:17:23.0406 2952 C:\WINDOWS\system32\tcpmon.dll - ok11:17:23.0406 2952 [ F26385E8BA4549B5186B774EC0E45D86 ] C:\WINDOWS\system32\usbmon.dll11:17:23.0406 2952 C:\WINDOWS\system32\usbmon.dll - ok11:17:23.0406 2952 [ EA1B063208E4AE322BDF3F2FA235CC9D ] C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll11:17:23.0406 2952 C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll - ok11:17:23.0406 2952 [ B41D53899E37CC43DA85DA19998BEE81 ] C:\WINDOWS\system32\netrap.dll11:17:23.0406 2952 C:\WINDOWS\system32\netrap.dll - ok11:17:23.0421 2952 [ 22DD6D7D4BFE2B8CE705CC950C8AEA4C ] C:\WINDOWS\system32\win32spl.dll11:17:23.0421 2952 C:\WINDOWS\system32\win32spl.dll - ok11:17:23.0421 2952 [ EE4C651A217B01D636B5364AC77DA892 ] C:\WINDOWS\system32\inetpp.dll11:17:23.0421 2952 C:\WINDOWS\system32\inetpp.dll - ok11:17:23.0421 2952 [ 6D07DF8A3B4E89B5BAC943B64F0B70D0 ] C:\WINDOWS\system32\icm32.dll11:17:23.0421 2952 C:\WINDOWS\system32\icm32.dll - ok11:17:23.0421 2952 [ A0E86BA4B3E56C1DC277BD7CCEC555DA ] C:\Program Files\Spybot - Search & Destroy 2\SDResources.dll11:17:23.0421 2952 C:\Program Files\Spybot - Search & Destroy 2\SDResources.dll - ok11:17:23.0421 2952 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys11:17:23.0421 2952 C:\WINDOWS\system32\drivers\wdmaud.sys - ok11:17:23.0421 2952 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv11:17:23.0421 2952 C:\WINDOWS\system32\wdmaud.drv - ok11:17:23.0421 2952 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys11:17:23.0421 2952 C:\WINDOWS\system32\drivers\sysaudio.sys - ok11:17:23.0421 2952 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys11:17:23.0421 2952 C:\WINDOWS\system32\drivers\splitter.sys - ok11:17:23.0421 2952 [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys11:17:23.0421 2952 C:\WINDOWS\system32\drivers\aec.sys - ok11:17:23.0421 2952 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys11:17:23.0421 2952 C:\WINDOWS\system32\drivers\swmidi.sys - ok11:17:23.0421 2952 [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\dmusic.sys11:17:23.0421 2952 C:\WINDOWS\system32\drivers\dmusic.sys - ok11:17:23.0437 2952 [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys11:17:23.0437 2952 C:\WINDOWS\system32\drivers\kmixer.sys - ok11:17:23.0437 2952 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys11:17:23.0437 2952 C:\WINDOWS\system32\drivers\drmkaud.sys - ok11:17:23.0437 2952 [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll11:17:23.0437 2952 C:\WINDOWS\system32\midimap.dll - ok11:17:23.0437 2952 [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv11:17:23.0437 2952 C:\WINDOWS\system32\msacm32.drv - ok11:17:23.0437 2952 [ F52603B708438E39FF38475807A01CBC ] C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe - ok11:17:23.0437 2952 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys11:17:23.0437 2952 C:\WINDOWS\system32\drivers\parport.sys - ok11:17:23.0437 2952 [ 9E054D04721F4BA4ACB0C0D189C9B1CD ] C:\Program Files\Trend Micro\AMSP\utilGenericLoader.dll11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\utilGenericLoader.dll - ok11:17:23.0437 2952 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll11:17:23.0437 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll - ok11:17:23.0437 2952 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll11:17:23.0437 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll - ok11:17:23.0437 2952 [ CFBF24322AF177B3C3A81A862B4C3353 ] C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll - ok11:17:23.0437 2952 [ 7AD47F1F78EB1AEC7D8F262878204DEC ] C:\Program Files\Trend Micro\AMSP\utilDebugLog.dll11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\utilDebugLog.dll - ok11:17:23.0437 2952 [ 78CD7BD82E678C0A239010D8B2FAE4FD ] C:\Program Files\Trend Micro\AMSP\utilComponentInfo.dll11:17:23.0437 2952 C:\Program Files\Trend Micro\AMSP\utilComponentInfo.dll - ok11:17:23.0437 2952 [ DEB46802F1183A90D3E029566B690E84 ] C:\Program Files\Trend Micro\AMSP\utilInstallation.dll11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\utilInstallation.dll - ok11:17:23.0453 2952 [ 3F59765B24EB6770252ACC314BD69D97 ] C:\Program Files\Trend Micro\AMSP\utilMsgBuffer.dll11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\utilMsgBuffer.dll - ok11:17:23.0453 2952 [ 25D83BC8E4CA8C757AB648573E94B57C ] C:\Program Files\Trend Micro\AMSP\utilThread.dll11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\utilThread.dll - ok11:17:23.0453 2952 [ 7F9454A776CA6BFB655D8F49CA6110F6 ] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe11:17:23.0453 2952 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe - ok11:17:23.0453 2952 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe11:17:23.0453 2952 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok11:17:23.0453 2952 [ 02AFDA1F5BFF989560B3C8BD7D8F355E ] C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe - ok11:17:23.0453 2952 [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll11:17:23.0453 2952 C:\WINDOWS\system32\msvcr100_clr0400.dll - ok11:17:23.0453 2952 [ 37864FB65C85C28BB928A9972A02F186 ] C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe - ok11:17:23.0453 2952 [ 6C15AA98FDD8731CE9560A36F5771986 ] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe11:17:23.0453 2952 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe - ok11:17:23.0453 2952 [ 08A73B0E7EE6E32983B5F9E540A8E380 ] C:\WINDOWS\system32\mscoree.dll11:17:23.0453 2952 C:\WINDOWS\system32\mscoree.dll - ok11:17:23.0453 2952 [ 09588529557D695FA74275AF7C69219F ] C:\Program Files\Trend Micro\AMSP\sqlite3.dll11:17:23.0453 2952 C:\Program Files\Trend Micro\AMSP\sqlite3.dll - ok11:17:23.0453 2952 [ AB690CD34CF4B4E3DDF78FD4FBCF88C3 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll11:17:23.0453 2952 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvc.dll - ok11:17:23.0468 2952 [ 6C69EA6A0C308A0FB81992CAC9F39C59 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\fusion.dll11:17:23.0468 2952 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\fusion.dll - ok11:17:23.0468 2952 [ A52E0EBF719F379EFD178C402B1AD7BB ] C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe11:17:23.0468 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe - ok11:17:23.0468 2952 [ 97476BB3F51FBD0A944ACC9BFAFD97D8 ] C:\Program Files\Trend Micro\AMSP\outer_AMSP_ClientLibrary.dll11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\outer_AMSP_ClientLibrary.dll - ok11:17:23.0468 2952 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll11:17:23.0468 2952 C:\WINDOWS\system32\cryptsvc.dll - ok11:17:23.0468 2952 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll11:17:23.0468 2952 C:\WINDOWS\system32\certcli.dll - ok11:17:23.0468 2952 [ 21095E7FAE3EC5E927F54E19CC63BA2A ] C:\Program Files\Trend Micro\AMSP\utilIPC.dll11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\utilIPC.dll - ok11:17:23.0468 2952 [ E2C48CD0132D4D1DC7D0DF9A6BEF686A ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll11:17:23.0468 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\mfc80u.dll - ok11:17:23.0468 2952 [ E1EBB4C5F1D0680EA3E4E7A77ADCA391 ] C:\Program Files\Trend Micro\AMSP\utilRPC.dll11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\utilRPC.dll - ok11:17:23.0468 2952 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll11:17:23.0468 2952 C:\WINDOWS\system32\pdh.dll - ok11:17:23.0468 2952 [ 0F3CE8CD921AC76BA344CA35921FCC90 ] C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll - ok11:17:23.0468 2952 [ 5D13AAA8BC57278BFD45F6FC94AE74ED ] C:\Program Files\Trend Micro\AMSP\utilJsonHandle.dll11:17:23.0468 2952 C:\Program Files\Trend Micro\AMSP\utilJsonHandle.dll - ok11:17:23.0468 2952 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll11:17:23.0468 2952 C:\WINDOWS\system32\odbcbcp.dll - ok11:17:23.0484 2952 [ 032320A85D15EFD4988FE4A38FF539AC ] C:\Program Files\Diskeeper Corporation\Diskeeper\PrFacade.dll11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\PrFacade.dll - ok11:17:23.0484 2952 [ AAED5AC724069372C3983E0E10E5D349 ] C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll - ok11:17:23.0484 2952 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll11:17:23.0484 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\mfc80ENU.dll - ok11:17:23.0484 2952 [ 5ABF7951B2B40BBDFC6DBC895F956D17 ] C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll - ok11:17:23.0484 2952 [ D90B1558602CCF951F7D0FB21E30723E ] C:\Program Files\Trend Micro\AMSP\instInstallationLibrary.dll11:17:23.0484 2952 C:\Program Files\Trend Micro\AMSP\instInstallationLibrary.dll - ok11:17:23.0484 2952 [ 49A612FBAE2FCDE6044E7F3226D2263D ] C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll11:17:23.0484 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll - ok11:17:23.0484 2952 [ 41EFA82C864083025ED9FF17482CBA53 ] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\utilUIProfile.dll11:17:23.0484 2952 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\utilUIProfile.dll - ok11:17:23.0484 2952 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll11:17:23.0484 2952 C:\WINDOWS\system32\hid.dll - ok11:17:23.0484 2952 [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll11:17:23.0484 2952 C:\WINDOWS\system32\hidserv.dll - ok11:17:23.0484 2952 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] C:\WINDOWS\system32\HPZipm12.exe11:17:23.0484 2952 C:\WINDOWS\system32\HPZipm12.exe - ok11:17:23.0484 2952 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] C:\WINDOWS\system32\IoctlSvc.exe11:17:23.0484 2952 C:\WINDOWS\system32\IoctlSvc.exe - ok11:17:23.0484 2952 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll11:17:23.0484 2952 C:\WINDOWS\system32\netman.dll - ok11:17:23.0500 2952 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll11:17:23.0500 2952 C:\WINDOWS\system32\ipsecsvc.dll - ok11:17:23.0500 2952 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll11:17:23.0500 2952 C:\WINDOWS\system32\netshell.dll - ok11:17:23.0500 2952 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll11:17:23.0500 2952 C:\WINDOWS\system32\oakley.dll - ok11:17:23.0500 2952 [ 206387AB881E93A1A6EB89966C8651F1 ] C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe11:17:23.0500 2952 C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe - ok11:17:23.0500 2952 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll11:17:23.0500 2952 C:\WINDOWS\system32\winipsec.dll - ok11:17:23.0500 2952 [ 95DDCEF11BA9BA30402C7FA8C893A59C ] C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll11:17:23.0500 2952 C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll - ok11:17:23.0500 2952 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll11:17:23.0500 2952 C:\WINDOWS\system32\pstorsvc.dll - ok11:17:23.0500 2952 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll11:17:23.0500 2952 C:\WINDOWS\system32\credui.dll - ok11:17:23.0500 2952 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll11:17:23.0500 2952 C:\WINDOWS\system32\psbase.dll - ok11:17:23.0500 2952 [ 14361FB2FD630988816A4F46AEAF0684 ] C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll11:17:23.0500 2952 C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll - ok11:17:23.0500 2952 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll11:17:23.0500 2952 C:\WINDOWS\system32\dot3dlg.dll - ok11:17:23.0500 2952 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll11:17:23.0500 2952 C:\WINDOWS\system32\dssenh.dll - ok11:17:23.0515 2952 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll11:17:23.0515 2952 C:\WINDOWS\system32\onex.dll - ok11:17:23.0515 2952 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll11:17:23.0515 2952 C:\WINDOWS\system32\eappcfg.dll - ok11:17:23.0515 2952 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll11:17:23.0515 2952 C:\WINDOWS\system32\eappprxy.dll - ok11:17:23.0515 2952 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll11:17:23.0515 2952 C:\WINDOWS\system32\vssapi.dll - ok11:17:23.0515 2952 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll11:17:23.0515 2952 C:\WINDOWS\system32\wzcsapi.dll - ok11:17:23.0515 2952 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll11:17:23.0515 2952 C:\WINDOWS\system32\srvsvc.dll - ok11:17:23.0515 2952 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll11:17:23.0515 2952 C:\WINDOWS\system32\netmsg.dll - ok11:17:23.0515 2952 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll11:17:23.0515 2952 C:\WINDOWS\system32\es.dll - ok11:17:23.0515 2952 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys11:17:23.0515 2952 C:\WINDOWS\system32\drivers\srv.sys - ok11:17:23.0515 2952 [ CB63BDB77BB86549FC3303C2F11EDC18 ] C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe11:17:23.0515 2952 C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe - ok11:17:23.0515 2952 [ 118EDC3E712FF83CE25612081A69075D ] C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe11:17:23.0515 2952 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe - ok11:17:23.0515 2952 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll11:17:23.0515 2952 C:\WINDOWS\system32\seclogon.dll - ok11:17:23.0515 2952 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll11:17:23.0515 2952 C:\WINDOWS\system32\sens.dll - ok11:17:23.0531 2952 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll11:17:23.0531 2952 C:\WINDOWS\system32\srsvc.dll - ok11:17:23.0531 2952 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll11:17:23.0531 2952 C:\WINDOWS\system32\msi.dll - ok11:17:23.0531 2952 [ 3F9A3232E5F942874488981F3242C989 ] C:\Program Files\UPHClean\uphclean.exe11:17:23.0531 2952 C:\Program Files\UPHClean\uphclean.exe - ok11:17:23.0531 2952 [ 7D110D645030C05A06C3CD08D1E47D0A ] C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe11:17:23.0531 2952 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe - ok11:17:23.0531 2952 [ ED85C080DE4AA4C90FFF941CFD839D4C ] C:\WINDOWS\system32\drivers\uphcleanhlp.sys11:17:23.0531 2952 C:\WINDOWS\system32\drivers\uphcleanhlp.sys - ok11:17:23.0531 2952 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll11:17:23.0531 2952 C:\WINDOWS\system32\wuaueng.dll - ok11:17:23.0531 2952 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll11:17:23.0531 2952 C:\WINDOWS\system32\wuauserv.dll - ok11:17:23.0531 2952 [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll11:17:23.0531 2952 C:\WINDOWS\system32\mspatcha.dll - ok11:17:23.0531 2952 [ A529CFE32565C0B145578FFB2B32C9A5 ] C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe11:17:23.0531 2952 C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe - ok11:17:23.0531 2952 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll11:17:23.0531 2952 C:\WINDOWS\system32\wbem\wmisvc.dll - ok11:17:23.0531 2952 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll11:17:23.0531 2952 C:\WINDOWS\system32\comsvcs.dll - ok11:17:23.0546 2952 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll11:17:23.0546 2952 C:\WINDOWS\system32\colbact.dll - ok11:17:23.0546 2952 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll11:17:23.0546 2952 C:\WINDOWS\system32\clusapi.dll - ok11:17:23.0546 2952 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll11:17:23.0546 2952 C:\WINDOWS\system32\mtxclu.dll - ok11:17:23.0546 2952 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll11:17:23.0546 2952 C:\WINDOWS\system32\resutils.dll - ok11:17:23.0546 2952 [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll11:17:23.0546 2952 C:\WINDOWS\system32\wups.dll - ok11:17:23.0546 2952 [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll11:17:23.0546 2952 C:\WINDOWS\system32\wups2.dll - ok11:17:23.0546 2952 [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe11:17:23.0546 2952 C:\WINDOWS\system32\wuauclt.exe - ok11:17:23.0546 2952 [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll11:17:23.0546 2952 C:\WINDOWS\system32\ipnathlp.dll - ok11:17:23.0546 2952 [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll11:17:23.0546 2952 C:\WINDOWS\system32\wscsvc.dll - ok11:17:23.0546 2952 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll11:17:23.0546 2952 C:\WINDOWS\system32\wbem\wbemcore.dll - ok11:17:23.0546 2952 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll11:17:23.0546 2952 C:\WINDOWS\system32\wbem\esscli.dll - ok11:17:23.0546 2952 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll11:17:23.0546 2952 C:\WINDOWS\system32\wbem\fastprox.dll - ok11:17:23.0562 2952 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok11:17:23.0562 2952 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wmiutils.dll - ok11:17:23.0562 2952 [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll11:17:23.0562 2952 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok11:17:23.0562 2952 [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok11:17:23.0562 2952 [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wbemess.dll - ok11:17:23.0562 2952 [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll11:17:23.0562 2952 C:\WINDOWS\system32\wuapi.dll - ok11:17:23.0562 2952 [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll11:17:23.0562 2952 C:\WINDOWS\system32\wbem\ncprov.dll - ok11:17:23.0562 2952 [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll11:17:23.0562 2952 C:\WINDOWS\system32\wbem\wbemcons.dll - ok11:17:23.0562 2952 [ E5244A5462FA1F0267D8923538530AF4 ] C:\WINDOWS\system32\nlsdl.dll11:17:23.0562 2952 C:\WINDOWS\system32\nlsdl.dll - ok11:17:23.0562 2952 [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll11:17:23.0562 2952 C:\WINDOWS\system32\linkinfo.dll - ok11:17:23.0562 2952 [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll11:17:23.0562 2952 C:\WINDOWS\system32\ntshrui.dll - ok11:17:23.0562 2952 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\DOCUME~1\NEIL'S\LOCALS~1\Temp\3BD9E4AF-3588-460F-8BD8-82B8316638DD.exe11:17:23.0562 2952 C:\DOCUME~1\NEIL'S\LOCALS~1\Temp\3BD9E4AF-3588-460F-8BD8-82B8316638DD.exe - ok11:17:23.0578 2952 [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\msctf.dll11:17:23.0578 2952 C:\WINDOWS\system32\msctf.dll - ok11:17:23.0578 2952 [ 17AA58A54C00F1746B8654C050491F43 ] C:\WINDOWS\system32\msutb.dll11:17:23.0578 2952 C:\WINDOWS\system32\msutb.dll - ok11:17:23.0578 2952 [ 0671A791C292F46423CFE37B53D598D0 ] C:\Program Files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll11:17:23.0578 2952 C:\Program Files\Spybot - Search & Destroy 2\SDFileScanLibrary.dll - ok11:17:23.0578 2952 [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe11:17:23.0578 2952 C:\WINDOWS\system32\verclsid.exe - ok11:17:23.0578 2952 [ FAD9807ACDE89A34D2EB4743D57016D7 ] C:\Program Files\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll11:17:23.0578 2952 C:\Program Files\Spybot - Search & Destroy 2\SDAdvancedCheckLibrary.dll - ok11:17:23.0578 2952 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\40459742.sys11:17:23.0578 2952 C:\WINDOWS\system32\drivers\40459742.sys - ok11:17:23.0578 2952 [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll11:17:23.0578 2952 C:\WINDOWS\system32\mlang.dll - ok11:17:23.0578 2952 [ 569CDDD12656B793732A573D192472F5 ] C:\Program Files\AVG Secure Search\HF_G_Jul.exe11:17:23.0578 2952 C:\Program Files\AVG Secure Search\HF_G_Jul.exe - ok11:17:23.0578 2952 [ C25602103B927A359B3ED9307EB37ED6 ] C:\Program Files\AVG Secure Search\vprot.exe11:17:23.0578 2952 C:\Program Files\AVG Secure Search\vprot.exe - ok11:17:23.0578 2952 [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll11:17:23.0578 2952 C:\WINDOWS\system32\upnp.dll - ok11:17:23.0578 2952 [ D29046DC1D22561F3CE08DAC22BBB17B ] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe11:17:23.0578 2952 C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe - ok11:17:23.0578 2952 [ FE821F6FA60E9DF9FDEE69A23488BBAB ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe11:17:23.0578 2952 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok11:17:23.0593 2952 [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe11:17:23.0593 2952 C:\WINDOWS\system32\rundll32.exe - ok11:17:23.0593 2952 [ 102596AFB271F540E0C77C3634775FE6 ] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe - ok11:17:23.0593 2952 [ B5A4EBA9487F08BECC843A87422B8052 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe11:17:23.0593 2952 C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe - ok11:17:23.0593 2952 [ F290C5F240CD5D0B60C5168A0FA1F2E2 ] C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe11:17:23.0593 2952 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe - ok11:17:23.0593 2952 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll11:17:23.0593 2952 C:\WINDOWS\system32\ssdpapi.dll - ok11:17:23.0593 2952 [ 37A62C6092AADD2EFDE0468DD8818E99 ] C:\WINDOWS\system32\netcfgx.dll11:17:23.0593 2952 C:\WINDOWS\system32\netcfgx.dll - ok11:17:23.0593 2952 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll11:17:23.0593 2952 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok11:17:23.0593 2952 [ 7AD47F1F78EB1AEC7D8F262878204DEC ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilDebugLog.dll11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilDebugLog.dll - ok11:17:23.0593 2952 [ CFBF24322AF177B3C3A81A862B4C3353 ] C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_49.dll11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_49.dll - ok11:17:23.0593 2952 [ 6BD2C65C3CC612891B552EBB3A7F5370 ] C:\Program Files\Trend Micro\Titanium\UIFramework\libcef.dll11:17:23.0593 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\libcef.dll - ok11:17:23.0593 2952 [ 2A840675AA2FA3183A86859D441B1B9B ] C:\Program Files\Siber Systems\AI RoboForm\roboform.dll11:17:23.0593 2952 C:\Program Files\Siber Systems\AI RoboForm\roboform.dll - ok11:17:23.0593 2952 [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll11:17:23.0593 2952 C:\WINDOWS\system32\webcheck.dll - ok11:17:23.0609 2952 [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll11:17:23.0609 2952 C:\WINDOWS\system32\batmeter.dll - ok11:17:23.0609 2952 [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll11:17:23.0609 2952 C:\WINDOWS\system32\stobject.dll - ok11:17:23.0609 2952 [ 2424231BBD703A677D115C29983B4293 ] C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL11:17:23.0609 2952 C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL - ok11:17:23.0609 2952 [ D7D69F304A604387B86BE991CBF07663 ] C:\WINDOWS\system32\WPDShServiceObj.dll11:17:23.0609 2952 C:\WINDOWS\system32\WPDShServiceObj.dll - ok11:17:23.0609 2952 [ 538A270F35A713C360B7ED4168BB7521 ] C:\WINDOWS\system32\mydocs.dll11:17:23.0609 2952 C:\WINDOWS\system32\mydocs.dll - ok11:17:23.0609 2952 [ A687C458B80C7D55CBE39649D952ED2A ] C:\WINDOWS\system32\PortableDeviceTypes.dll11:17:23.0609 2952 C:\WINDOWS\system32\PortableDeviceTypes.dll - ok11:17:23.0609 2952 [ E132AD94798E72ACB650E985984C7F58 ] C:\WINDOWS\system32\PortableDeviceApi.dll11:17:23.0609 2952 C:\WINDOWS\system32\PortableDeviceApi.dll - ok11:17:23.0609 2952 [ 9E03DC5AB51CFD0190541CE2038D819D ] C:\WINDOWS\system32\usp10.dll11:17:23.0609 2952 C:\WINDOWS\system32\usp10.dll - ok11:17:23.0609 2952 [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll11:17:23.0609 2952 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok11:17:23.0609 2952 [ 0F3CE8CD921AC76BA344CA35921FCC90 ] C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_49.dll11:17:23.0609 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\boost_thread-vc80-mt-1_49.dll - ok11:17:23.0609 2952 [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll11:17:23.0609 2952 C:\WINDOWS\system32\rasdlg.dll - ok11:17:23.0609 2952 [ 97476BB3F51FBD0A944ACC9BFAFD97D8 ] C:\Program Files\Trend Micro\Titanium\UIFramework\outer_AMSP_ClientLibrary.dll11:17:23.0609 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\outer_AMSP_ClientLibrary.dll - ok11:17:23.0625 2952 [ 21095E7FAE3EC5E927F54E19CC63BA2A ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilIPC.dll11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilIPC.dll - ok11:17:23.0625 2952 [ 3F59765B24EB6770252ACC314BD69D97 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilMsgBuffer.dll11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilMsgBuffer.dll - ok11:17:23.0625 2952 [ 25D83BC8E4CA8C757AB648573E94B57C ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilThread.dll11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilThread.dll - ok11:17:23.0625 2952 [ E1EBB4C5F1D0680EA3E4E7A77ADCA391 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilRPC.dll11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilRPC.dll - ok11:17:23.0625 2952 [ 78CD7BD82E678C0A239010D8B2FAE4FD ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilComponentInfo.dll11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilComponentInfo.dll - ok11:17:23.0625 2952 [ DEB46802F1183A90D3E029566B690E84 ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilInstallation.dll11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilInstallation.dll - ok11:17:23.0625 2952 [ 9E054D04721F4BA4ACB0C0D189C9B1CD ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilGenericLoader.dll11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilGenericLoader.dll - ok11:17:23.0625 2952 [ 5D13AAA8BC57278BFD45F6FC94AE74ED ] C:\Program Files\Trend Micro\Titanium\UIFramework\utilJsonHandle.dll11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\utilJsonHandle.dll - ok11:17:23.0625 2952 [ D90B1558602CCF951F7D0FB21E30723E ] C:\Program Files\Trend Micro\Titanium\UIFramework\instInstallationLibrary.dll11:17:23.0625 2952 C:\Program Files\Trend Micro\Titanium\UIFramework\instInstallationLibrary.dll - ok11:17:23.0625 2952 [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe11:17:23.0625 2952 C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok11:17:23.0625 2952 [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\WINDOWS\system32\msvcp100.dll11:17:23.0625 2952 C:\WINDOWS\system32\msvcp100.dll - ok11:17:23.0625 2952 [ BF38660A9125935658CFA3E53FDC7D65 ] C:\WINDOWS\system32\msvcr100.dll11:17:23.0625 2952 C:\WINDOWS\system32\msvcr100.dll - ok11:17:23.0640 2952 [ D870F564BA017FEFC51D2B3C7E2B568B ] C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll11:17:23.0640 2952 C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll - ok11:17:23.0640 2952 [ 396F72E102E368E402736813ED6683C7 ] C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll11:17:23.0640 2952 C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll - ok11:17:23.0640 2952 [ 54E2D3E2B827A8C3E4B907A4711A31AF ] C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll11:17:23.0640 2952 C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll - ok11:17:23.0640 2952 [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe11:17:23.0640 2952 C:\WINDOWS\system32\wbem\wmiprvse.exe - ok11:17:23.0640 2952 [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll11:17:23.0640 2952 C:\WINDOWS\system32\wbem\cimwin32.dll - ok11:17:23.0640 2952 [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll11:17:23.0640 2952 C:\WINDOWS\system32\security.dll - ok11:17:23.0640 2952 [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll11:17:23.0640 2952 C:\WINDOWS\system32\wbem\wmipcima.dll - ok11:17:23.0640 2952 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll11:17:23.0640 2952 C:\WINDOWS\system32\cfgmgr32.dll - ok11:17:23.0640 2952 [ 09CCF5197D054C9DCE4116DC9A04C211 ] C:\Program Files\Trend Micro\AMSP\coreConfigRepository.dll11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\coreConfigRepository.dll - ok11:17:23.0640 2952 [ C1630C379C86AF26E8071F918F48637C ] C:\Program Files\Trend Micro\AMSP\module\1\2.5.1342\coreFrameworkBuilder.dll11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\module\1\2.5.1342\coreFrameworkBuilder.dll - ok11:17:23.0640 2952 [ 09CCF5197D054C9DCE4116DC9A04C211 ] C:\Program Files\Trend Micro\AMSP\module\5\2.5.1331\coreConfigRepository.dll11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\module\5\2.5.1331\coreConfigRepository.dll - ok11:17:23.0640 2952 [ 767FD31EC6BD6173756ED46400BD0394 ] C:\Program Files\Trend Micro\AMSP\module\7\2.5.1331\coreUpdateManager.dll11:17:23.0640 2952 C:\Program Files\Trend Micro\AMSP\module\7\2.5.1331\coreUpdateManager.dll - ok11:17:23.0656 2952 [ 166C8CEB569EF57626A1466BFE5DDFBC ] C:\Program Files\Trend Micro\AMSP\utilAccessControl.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\utilAccessControl.dll - ok11:17:23.0656 2952 [ 7B97CD8C5ABA843D82114B77A4CB9FB5 ] C:\Program Files\Trend Micro\AMSP\module\10\2.5.1374\coreActionManager.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\10\2.5.1374\coreActionManager.dll - ok11:17:23.0656 2952 [ 48F2986BAFC9A7BDB694AE6FF8E0157E ] C:\Program Files\Trend Micro\AMSP\module\11\2.5.1374\coreScanManager.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\11\2.5.1374\coreScanManager.dll - ok11:17:23.0656 2952 [ A60E337E5C366AFAFAE5E0751826BEFD ] C:\Program Files\Trend Micro\AMSP\libprotobuf.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\libprotobuf.dll - ok11:17:23.0656 2952 [ B95D1CEC2EF487CFF16FF5D4B058294A ] C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\boost_system-vc80-mt-1_49.dll - ok11:17:23.0656 2952 [ BF2222B87C8761A9D4B78F1BACFF0E87 ] C:\Program Files\Trend Micro\AMSP\module\2\2.5.1374\coreCommandManager.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\2\2.5.1374\coreCommandManager.dll - ok11:17:23.0656 2952 [ 4796E57D857ED1B3C8D00712E9DBC40A ] C:\Program Files\Trend Micro\AMSP\module\3\2.5.1374\coreEventManager.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\3\2.5.1374\coreEventManager.dll - ok11:17:23.0656 2952 [ 8102BAB3919F8D627808916294A7CB91 ] C:\Program Files\Trend Micro\AMSP\module\4\2.5.1374\coreTaskManager.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\4\2.5.1374\coreTaskManager.dll - ok11:17:23.0656 2952 [ 3A8269C4062B46EF6C7075CA29F8FB86 ] C:\Program Files\Trend Micro\AMSP\module\6\2.5.1374\coreReportManager.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\6\2.5.1374\coreReportManager.dll - ok11:17:23.0656 2952 [ 9F7BA8C8D12FFEC4DCF35070B894D018 ] C:\Program Files\Trend Micro\AMSP\module\1000001\2.5.1331\paCoreProductAdaptor.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\1000001\2.5.1331\paCoreProductAdaptor.dll - ok11:17:23.0656 2952 [ 8A9A1C50BBBF159ADC16397550180470 ] C:\Program Files\Trend Micro\AMSP\inner_AMSP_ClientLibrary.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\inner_AMSP_ClientLibrary.dll - ok11:17:23.0656 2952 [ 55295E10ED6D63B778908C5DEE1B65C4 ] C:\Program Files\Trend Micro\AMSP\module\20017\1.0.1030\plugAdapterTMEBC.dll11:17:23.0656 2952 C:\Program Files\Trend Micro\AMSP\module\20017\1.0.1030\plugAdapterTMEBC.dll - ok11:17:23.0671 2952 [ 3F5F21B9B4A2CA16D2825147395220DF ] C:\Program Files\Trend Micro\AMSP\module\10000\2.5.1331\9.700.1001\plugEngineVSAPI.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10000\2.5.1331\9.700.1001\plugEngineVSAPI.dll - ok11:17:23.0671 2952 [ DB23CB8ED6D0459BE01DF87F3AE48CB8 ] C:\Program Files\Trend Micro\AMSP\module\10001\2.5.1331\6.2.1039\plugEngineSSAPI.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10001\2.5.1331\6.2.1039\plugEngineSSAPI.dll - ok11:17:23.0671 2952 [ E5276D9A384609679C6925021E1C606A ] C:\Program Files\Trend Micro\AMSP\module\10002\2.5.1331\7.0.1028\plugEngineDCE.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10002\2.5.1331\7.0.1028\plugEngineDCE.dll - ok11:17:23.0671 2952 [ 6DCC9211C76C380DCABB53F62DDB0BDF ] C:\Program Files\Trend Micro\AMSP\module\10004\6.0.1056\6.0.1056\plugEngineAEGIS.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10004\6.0.1056\6.0.1056\plugEngineAEGIS.dll - ok11:17:23.0671 2952 [ 3117843D22D54AAF379C19CA7D612C76 ] C:\Program Files\Trend Micro\AMSP\module\10005\2.5.1331\3.6.1008\plugEngineTMUFE.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10005\2.5.1331\3.6.1008\plugEngineTMUFE.dll - ok11:17:23.0671 2952 [ D7D81782F793C417CA7EC22EB7852A34 ] C:\Program Files\Trend Micro\AMSP\module\10007\2.5.1331\2.51.1006\plugEngineTMFBE.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10007\2.5.1331\2.51.1006\plugEngineTMFBE.dll - ok11:17:23.0671 2952 [ DACC9B0A1134E5AE263F8AE69E13AB0B ] C:\Program Files\Trend Micro\AMSP\module\10008\2.5.1331\2.01.1025\plugEngineICRC.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\10008\2.5.1331\2.01.1025\plugEngineICRC.dll - ok11:17:23.0671 2952 [ 3485D3E48434930A4992329FFAB7C7B8 ] C:\Program Files\Trend Micro\AMSP\module\20001\2.5.1339\5.50.1043\plugAdapterSystem.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\20001\2.5.1339\5.50.1043\plugAdapterSystem.dll - ok11:17:23.0671 2952 [ 5E6162C9E9B56ECB4EB323436165ABA6 ] C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\plugAdapterProxy.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\plugAdapterProxy.dll - ok11:17:23.0671 2952 [ 7BF25CE72FDAE9145502459766C391AC ] C:\Program Files\Trend Micro\AMSP\module\30000\2.5.1349\plugRealtimeScanFlow.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\30000\2.5.1349\plugRealtimeScanFlow.dll - ok11:17:23.0671 2952 [ 9CAE50E7E5F4513151C4394EF0ADBD18 ] C:\Program Files\Trend Micro\AMSP\module\30001\2.5.1331\plugManualScanFlow.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\30001\2.5.1331\plugManualScanFlow.dll - ok11:17:23.0671 2952 [ 19738D06F0FEA843409C456F07F68DF9 ] C:\Program Files\Trend Micro\AMSP\module\30004\2.5.1331\plugRealTimeScanCache.dll11:17:23.0671 2952 C:\Program Files\Trend Micro\AMSP\module\30004\2.5.1331\plugRealTimeScanCache.dll - ok11:17:23.0687 2952 [ BA579C58DB2E90B1309D594776480E41 ] C:\Program Files\Trend Micro\AMSP\module\40000\2.5.1331\5.50.1043\plugUtilRCM.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40000\2.5.1331\5.50.1043\plugUtilRCM.dll - ok11:17:23.0687 2952 [ B5E4ED1579EBED2E600BDD889A93CB0C ] C:\Program Files\Trend Micro\AMSP\module\40001\2.6.1163\plugUtilEnum.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40001\2.6.1163\plugUtilEnum.dll - ok11:17:23.0687 2952 [ C033C4A259CFE9D392455755C6F5D44F ] C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\plugAdapterBP.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1125\7.5.1125\plugAdapterBP.dll - ok11:17:23.0687 2952 [ 7B40AE9B3B9D6F1A3CC2A42F8A809F45 ] C:\Program Files\Trend Micro\AMSP\module\10009\3.6.1029\3.6.1029\plugEngineLCE.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10009\3.6.1029\3.6.1029\plugEngineLCE.dll - ok11:17:23.0687 2952 [ EE8681F8FF1A3BC2ABB8FCDAFE62A8A2 ] C:\Program Files\Trend Micro\AMSP\module\10010\3.6.1029\3.6.1029\plugEngineLES.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10010\3.6.1029\3.6.1029\plugEngineLES.dll - ok11:17:23.0687 2952 [ FC061EBC804BF83DD729B0077514DC73 ] C:\Program Files\Trend Micro\AMSP\module\40002\2.5.1342\plugUtilSysInfo.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40002\2.5.1342\plugUtilSysInfo.dll - ok11:17:23.0687 2952 [ 285B47EAD7A8D8F01120170F3C513F89 ] C:\Program Files\Trend Micro\AMSP\module\30005\3.0.1042\plugLocalCorrelationFlow.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\30005\3.0.1042\plugLocalCorrelationFlow.dll - ok11:17:23.0687 2952 [ 36D4F70629990ABEAD2F52BAAA1B8C19 ] C:\Program Files\Trend Micro\AMSP\module\10011\2.5.1141\2.5.1141\plugEngineTMSA.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10011\2.5.1141\2.5.1141\plugEngineTMSA.dll - ok11:17:23.0687 2952 [ 3852FF230E9ABA1E18C670FA891BA409 ] C:\Program Files\Trend Micro\AMSP\module\40003\2.5.1331\2.5.1331\plugUtilException.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\40003\2.5.1331\2.5.1331\plugUtilException.dll - ok11:17:23.0687 2952 [ 8990207AE499C7D8ED5BE62DBCF02283 ] C:\Program Files\Trend Micro\AMSP\module\30006\2.5.1331\plugCommonScanCache.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\30006\2.5.1331\plugCommonScanCache.dll - ok11:17:23.0687 2952 [ C6755C665A01532D3C771FB0CC929EEF ] C:\Program Files\Trend Micro\AMSP\module\10012\1.6.1018\1.6.1018\plugEngineDre.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\10012\1.6.1018\1.6.1018\plugEngineDre.dll - ok11:17:23.0687 2952 [ 71AA893314D164F483EA6E9FBE815B87 ] C:\Program Files\Trend Micro\AMSP\module\20009\1.5.1012\1.5.1012\plugAdapterNCIE.dll11:17:23.0687 2952 C:\Program Files\Trend Micro\AMSP\module\20009\1.5.1012\1.5.1012\plugAdapterNCIE.dll - ok11:17:23.0703 2952 [ B7423E099AE3DDCE20E5AD3CAD4B71F9 ] C:\Program Files\Trend Micro\AMSP\module\20011\1.5.1107\1.5.1104\plugAdapterEagleEye.dll11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\20011\1.5.1107\1.5.1104\plugAdapterEagleEye.dll - ok11:17:23.0703 2952 [ 9DA1F44786834B4961309BFD60F18248 ] C:\Program Files\Trend Micro\AMSP\module\10015\6.0.1056\6.0.1056\plugEngineWL.dll11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10015\6.0.1056\6.0.1056\plugEngineWL.dll - ok11:17:23.0703 2952 [ 11262E9F8455E5F30C69E917E0103E01 ] C:\Program Files\Trend Micro\AMSP\module\10013\2.5.1331\1.0.1069\plugEnginePeDif.dll11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10013\2.5.1331\1.0.1069\plugEnginePeDif.dll - ok11:17:23.0703 2952 [ 9EA2D216C448D570A12694743D1F3518 ] C:\Program Files\Trend Micro\AMSP\module\10014\1.6.1085\1.6.1085\plugEngineTmCDE.dll11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10014\1.6.1085\1.6.1085\plugEngineTmCDE.dll - ok11:17:23.0703 2952 [ 3FE418C9408EA5FC2B740B2CAABC71E1 ] C:\Program Files\Trend Micro\AMSP\module\40004\2.5.1331\plugUtilLowConfDB.dll11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\40004\2.5.1331\plugUtilLowConfDB.dll - ok11:17:23.0703 2952 [ DA4569BF80F3AEF8D09A7E01C2DD8FB8 ] C:\Program Files\Trend Micro\AMSP\module\30007\2.5.1371\2.5.1371\plugCensus.dll11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\30007\2.5.1371\2.5.1371\plugCensus.dll - ok11:17:23.0703 2952 [ 988A84A1E59647390044170E33D5337F ] C:\Program Files\Trend Micro\AMSP\module\10016\2.5.1331\2.0.1001\plugEngineSMV.dll11:17:23.0703 2952 C:\Program Files\Trend Micro\AMSP\module\10016\2.5.1331\2.0.1001\plugEngineSMV.dll - ok11:17:23.0703 2952 ============================================================11:17:23.0703 2952 Scan finished11:17:23.0703 2952 ============================================================11:17:23.0703 2944 Detected object count: 011:17:23.0703 2944 Actual detected object count: 0 Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 9, 2013 ID:632225 Share Posted January 9, 2013 Good morning steveopeo,Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).Please go here to see a list of programs that need to be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.****Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**Please include the C:\ComboFix.txt in your next reply for further review.=====Also, please download AdwCleaner by Xplode onto your Desktop.Double click on AdwCleaner.exe to run the tool.Click on Search.A logfile will automatically open after the scan has finished.Please post the content of that logfile in your reply.You can find the logfile at C:\AdwCleaner[R1].txt as well.=====Please paste the contents of both logs in your reply. Link to post Share on other sites More sharing options...
steveopevo Posted January 10, 2013 Author ID:632286 Share Posted January 10, 2013 ComboFix 13-01-08.01 - NEIL'S 01/09/2013 16:54:17.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2690 [GMT -7:00]Running from: c:\documents and settings\NEIL'S\My Documents\Downloads\ComboFix.exeAV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users.WINDOWS\Application Data\TEMPc:\documents and settings\NEIL'S\My Documents\wpabaln.exeC:\prefs.jsc:\windows\system32\Cachec:\windows\system32\Cache\262643b75c37f5ca.fbc:\windows\system32\Cache\272512937d9e61a4.fbc:\windows\system32\Cache\287204568329e189.fbc:\windows\system32\Cache\28bc8f716fd76a47.fbc:\windows\system32\Cache\2c53092c95605355.fbc:\windows\system32\Cache\31a0997e9a5b5eb3.fbc:\windows\system32\Cache\32c84fe32bb74d60.fbc:\windows\system32\Cache\3917078cb68ec657.fbc:\windows\system32\Cache\48d67d4b09e3cbf2.fbc:\windows\system32\Cache\52956e87180d8fe0.fbc:\windows\system32\Cache\590ba23ce359fd0c.fbc:\windows\system32\Cache\610289e025a3ee9a.fbc:\windows\system32\Cache\63ef0dbca4051940.fbc:\windows\system32\Cache\651c5d3cdbfb8bd1.fbc:\windows\system32\Cache\68ad56a4659b4a48.fbc:\windows\system32\Cache\6c59ac5e7e7a3ad0.fbc:\windows\system32\Cache\6d03dad1035885d3.fbc:\windows\system32\Cache\a8556537add6dfc5.fbc:\windows\system32\Cache\ad10a52aff5e038d.fbc:\windows\system32\Cache\c1fa887b03019701.fbc:\windows\system32\Cache\c4d28dca2e7648be.fbc:\windows\system32\Cache\c9edfb3dbcb25b7e.fbc:\windows\system32\Cache\d201ef9910cd39de.fbc:\windows\system32\Cache\d2e94710a5708128.fbc:\windows\system32\Cache\d79b9dfe81484ec4.fbc:\windows\system32\Cache\e0de16f883bea794.fbc:\windows\system32\Cache\e8bcb6954ecca995.fbc:\windows\system32\Cache\f998975c9cc711ee.fbc:\windows\system32\dllcache\wmpvis.dllc:\windows\system32\servicec:\windows\system32\service\02072011_TIS17_SfFniAU.logc:\windows\system32\service\04012011_TIS17_SfFniAU.logc:\windows\system32\service\04122009_TIS17_SfFniAU.logc:\windows\system32\service\05012011_TIS17_SfFniAU.logc:\windows\system32\service\07042011_TIS17_SfFniAU.logc:\windows\system32\service\10102010_TIS17_SfFniAU.logc:\windows\system32\service\11102010_TIS17_SfFniAU.logc:\windows\system32\service\12012010_TIS17_SfFniAU.logc:\windows\system32\service\13012011_TIS17_SfFniAU.logc:\windows\system32\service\13022010_TIS17_SfFniAU.logc:\windows\system32\service\13032010_TIS17_SfFniAU.logc:\windows\system32\service\14032011_TIS17_SfFniAU.logc:\windows\system32\service\16052009_TIS17_SfFniAU.logc:\windows\system32\service\17102010_TIS17_SfFniAU.logc:\windows\system32\service\18032011_TIS17_SfFniAU.logc:\windows\system32\service\19122009_TIS17_SfFniAU.logc:\windows\system32\service\20012011_TIS17_SfFniAU.logc:\windows\system32\service\20022010_TIS17_SfFniAU.logc:\windows\system32\service\20032011_TIS17_SfFniAU.logc:\windows\system32\service\22062009_TIS17_SfFniAU.logc:\windows\system32\service\24052011_TIS17_SfFniAU.logc:\windows\system32\service\24072009_TIS17_SfFniAU.logc:\windows\system32\service\26022011_TIS17_SfFniAU.logc:\windows\system32\service\26032011_TIS17_SfFniAU.logc:\windows\system32\service\26102010_TIS17_SfFniAU.logc:\windows\system32\service\27032011_TIS17_SfFniAU.logc:\windows\system32\service\27112009_TIS17_SfFniAU.logc:\windows\system32\service\30102010_TIS17_SfFniAU.logc:\windows\wininit.ini..((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))..2013-01-03 00:02 . 2013-01-03 00:02 181808 ----a-w- c:\windows\RegBootClean.exe2013-01-01 06:40 . 2013-01-01 06:40 -------- d-----w- c:\program files\WinPcap2013-01-01 05:20 . 2013-01-01 05:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ErrorEND2012-12-31 19:46 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys2012-12-31 19:36 . 2012-12-31 19:41 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro2012-12-31 19:23 . 2012-12-31 19:23 -------- d-----w- c:\windows\system32\wbem\Repository2012-12-29 19:25 . 2012-12-29 19:30 -------- d-----w- c:\documents and settings\NEIL'S\Application Data\FixCleaner2012-12-29 19:25 . 2012-12-29 19:40 -------- d-----w- c:\program files\FixCleaner2012-12-29 18:53 . 2012-12-29 18:53 -------- d-----w- c:\program files\do not track2012-12-29 18:51 . 2012-12-29 18:54 -------- d-----w- c:\program files\emsisoft2012-12-29 06:41 . 2012-12-29 06:41 138864 ----a-w- c:\windows\system32\drivers\06413029.sys2012-12-29 06:33 . 2012-12-29 06:37 -------- d-----w- c:\program files\mbar-anti rootkit2012-12-29 05:30 . 2013-01-02 23:45 -------- d-----w- c:\documents and settings\NEIL'S\Local Settings\Application Data\DoNotTrackPlus2012-12-29 05:30 . 2012-12-29 05:30 -------- d-----w- c:\program files\DoNotTrackPlus2012-12-29 05:25 . 2009-01-25 19:14 15224 ----a-w- c:\windows\system32\sdnclean.exe2012-12-29 05:20 . 2012-12-29 05:20 -------- d-----w- C:\TMRescueDisk2012-12-29 05:13 . 2012-07-11 08:35 90808 ----a-w- c:\windows\system32\drivers\tmeext.sys2012-12-29 05:13 . 2012-07-06 03:33 171064 ----a-w- c:\windows\system32\drivers\tmnciesc.sys2012-12-29 05:13 . 2012-05-02 19:27 92304 ----a-w- c:\windows\system32\drivers\tmtdi.sys2012-12-29 05:13 . 2012-07-12 10:30 94200 ----a-w- c:\windows\system32\drivers\tmactmon.sys2012-12-29 05:13 . 2012-07-12 10:29 75624 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys2012-12-29 05:13 . 2012-07-12 10:29 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys2012-12-29 05:13 . 2012-08-24 13:06 38328 ----a-w- c:\windows\system32\drivers\TMEBC32.sys2012-12-29 05:12 . 2012-12-29 05:12 59 ----a-w- c:\windows\system32\SupportTool.exe.bat2012-12-29 04:36 . 2012-12-29 04:36 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Trend Micro2012-12-29 01:09 . 2012-12-29 01:09 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache2012-12-26 08:20 . 2012-12-26 08:20 -------- d-sh--w- c:\documents and settings\Default User.WINDOWS\IETldCache2012-12-26 07:58 . 2012-12-29 04:38 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy2012-12-26 07:58 . 2012-12-29 05:25 -------- d-----w- c:\program files\Spybot - Search & Destroy 22012-12-26 06:12 . 2012-12-26 06:12 -------- d-----w- c:\documents and settings\NEIL'S\Local Settings\Application Data\Mozilla...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-01-08 23:32 . 2012-05-10 05:11 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe2013-01-08 23:32 . 2011-07-30 17:06 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-12-16 12:23 . 2007-07-27 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll2012-11-13 01:25 . 2007-07-27 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys2012-11-09 01:03 . 2012-11-09 01:03 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys2012-11-06 02:01 . 2009-08-20 00:07 1371648 ------w- c:\windows\system32\msxml6.dll2012-11-02 02:02 . 2007-07-27 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll2012-11-01 12:17 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll2012-11-01 12:17 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll2012-11-01 12:17 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2012-11-01 00:35 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec2012-10-13 02:09 . 2012-12-02 04:41 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe2012-11-29 08:27 . 2013-01-08 02:37 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..------- Sigcheck -------Note: Unsigned files aren't necessarily malware..[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe.c:\windows\System32\ctfmon.exe ... is missing !!.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]2012-12-31 19:25 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-12-31 1796552].[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1][HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-13 160592].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-12-31 997320]"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-25 928096]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-07-25 133456]"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176].[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]BootExecute REG_MULTI_SZ \0.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]@="Service".[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]2008-05-28 15:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]"Fix-It Task Manager"=2 (0x2)"TuneUp.UtilitiesSvc"=2 (0x2)"NBService"=3 (0x3).[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe".[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe""QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"="c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management.R0 TMEBC;TMEBC;c:\windows\system32\drivers\TMEBC32.sys [12/28/2012 10:13 PM 38328]R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [11/8/2012 6:03 PM 26984]R1 tmeext;tmeext;c:\windows\system32\drivers\tmeext.sys [12/28/2012 10:13 PM 90808]R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/28/2012 10:13 PM 75624]R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/9/2012 3:43 PM 464256]R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [11/9/2012 3:49 PM 821592]R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [12/28/2012 10:25 PM 1103392]R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [12/28/2012 10:25 PM 1369624]R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [12/8/2011 9:34 AM 1527104]R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [11/8/2012 6:03 PM 711112]R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [4/6/2009 6:40 AM 37376]R3 tmnciesc;tmnciesc;c:\windows\system32\drivers\tmnciesc.sys [12/28/2012 10:13 PM 171064]R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10/7/2010 1:34 PM 10064]S1 A2DDA;A2 Direct Disk Access Support Driver; [x]S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [12/28/2012 10:12 PM 221264]S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [12/28/2012 10:25 PM 168384]S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [11/9/2012 3:49 PM 246816]S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [11/9/2012 3:49 PM 30408]S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [11/9/2012 3:49 PM 16248]S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [8/21/2011 2:28 PM 25704]S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [8/21/2011 2:28 PM 25704]S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [8/21/2011 2:28 PM 25704]S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [8/21/2011 2:28 PM 25704]S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [8/21/2011 2:28 PM 25704].--- Other Services/Drivers In Memory ---.*Deregistered* - uphcleanhlp.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsUxTuneUp.Contents of the 'Scheduled Tasks' folder.2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 23:32].2013-01-09 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-12-29 21:08].2012-12-29 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-12-29 21:07].2012-12-29 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-12-29 21:07]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.htmlIE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlTCP: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dllDPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CABFF - ProfilePath - c:\documents and settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\FF - prefs.js: browser.startup.homepage - about:homeFF - ExtSQL: 2012-12-28 22:12; {22181a4d-af90-4ca3-a569-faed9118d6bc}; c:\program files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextensionFF - ExtSQL: 2012-12-31 12:25; tmbepff-7.5@trendmicro.com; c:\program files\Trend Micro\AMSP\Module\20002\7.5.1125\7.5.1125\firefoxextensionFF - ExtSQL: 2012-12-31 12:25; avg@toolbar; c:\documents and settings\All Users.WINDOWS\Application Data\AVG Secure Search\FireFoxExt\13.2.0.5FF - ExtSQL: 2013-01-07 19:29; {22C7F6C6-8D67-4534-92B5-529A0EC09405}; c:\program files\Trend Micro\AMSP\module\20004\FxExt\firefoxextensionFF - ExtSQL: 2013-01-08 15:58; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpiFF - user.js: network.http.max-persistent-connections-per-server - 4FF - user.js: nglayout.initialpaint.delay - 600FF - user.js: content.notify.interval - 600000FF - user.js: content.max.tokenizing.time - 1800000FF - user.js: content.switch.threshold - 600000.- - - - ORPHANS REMOVED - - - -.Toolbar-10 - (no file)Notify-SDWinLogon - SDWinLogon.dllSafeBoot-22288891.sysMSConfigStartUp-ctfmon - (no file)...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2013-01-09 16:56Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".Completion time: 2013-01-09 16:57:33ComboFix-quarantined-files.txt 2013-01-09 23:57.Pre-Run: 234,116,800,512 bytes freePost-Run: 234,471,432,192 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optinmulti(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn[spybotsd]timeout.old=4.- - End Of File - - D1EBCC530B4143FC54994BB513057BE8 Link to post Share on other sites More sharing options...
steveopevo Posted January 10, 2013 Author ID:632288 Share Posted January 10, 2013 # AdwCleaner v2.105 - Logfile created 01/09/2013 at 17:05:45# Updated 08/01/2013 by Xplode# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)# User : NEIL'S - HOME# Boot Mode : Normal# Running from : C:\Documents and Settings\NEIL'S\My Documents\Downloads\adwcleaner.exe# Option [search]***** [services] ********** [Files / Folders] *****Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure SearchFolder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallMateFolder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\PremiumFolder Found : C:\Documents and Settings\NEIL'S\Application Data\AVG Secure SearchFolder Found : C:\Documents and Settings\NEIL'S\Application Data\imeshbandmltbpiFolder Found : C:\Documents and Settings\NEIL'S\Local Settings\Application Data\AVG Secure SearchFolder Found : C:\Documents and Settings\NEIL'S\Local Settings\Application Data\ConduitFolder Found : C:\Program Files\AVG Secure SearchFolder Found : C:\Program Files\Common Files\AVG Secure SearchFolder Found : C:\Program Files\ConduitFolder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}***** [Registry] *****Key Found : HKCU\Software\AVG Secure SearchKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\Software\AVG Secure SearchKey Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPIKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObjKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocolKey Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Found : HKLM\Software\ConduitKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure SearchKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure SearchKey Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Found : HKU\S-1-5-21-2025429265-1417001333-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKU\S-1-5-21-2025429265-1417001333-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]***** [internet Browsers] *****-\\ Internet Explorer v8.0.6001.18702[OK] Registry is clean.-\\ Mozilla Firefox v17.0.1 (en-US)File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\3rnry6zm.default\prefs.js[OK] File is clean.File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\prefs.js[OK] File is clean.File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\y5uszhj3.default\prefs.js[OK] File is clean.*************************AdwCleaner[R1].txt - [12563 octets] - [31/12/2012 12:17:12]AdwCleaner[R2].txt - [5868 octets] - [09/01/2013 17:05:45]AdwCleaner[s1].txt - [6452 octets] - [31/12/2012 12:17:54]########## EOF - C:\AdwCleaner[R2].txt - [5988 octets] ########## Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 10, 2013 ID:632378 Share Posted January 10, 2013 Hello steveopeo,Please do the following to re-run AdwCleaner:Please close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with OK.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile in your reply.You can find the logfile at C:\AdwCleaner[s1].txt as well.Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.When the deletion is done, AdwCleaner will reboot the computer again and open the logfile. Does the issue remain? Link to post Share on other sites More sharing options...
steveopevo Posted January 10, 2013 Author ID:632621 Share Posted January 10, 2013 the first time I ran AdwCleaner it didn't generate a report so I ran it a second time and it did. I downloaded firefox a few days ago and so far it has not been hijacked. IE isn't being redirected anymore but is having trouble loading certain webpages and is very slow.# AdwCleaner v2.105 - Logfile created 01/10/2013 at 15:55:29# Updated 08/01/2013 by Xplode# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)# User : NEIL'S - HOME# Boot Mode : Normal# Running from : C:\Documents and Settings\NEIL'S\My Documents\Downloads\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] ********** [Registry] ********** [internet Browsers] *****-\\ Internet Explorer v8.0.6001.18702[OK] Registry is clean.-\\ Mozilla Firefox v17.0.1 (en-US)File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\3rnry6zm.default\prefs.js[OK] File is clean.File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\qkemupa8.default\prefs.js[OK] File is clean.File : C:\Documents and Settings\NEIL'S\Application Data\Mozilla\Firefox\Profiles\y5uszhj3.default\prefs.js[OK] File is clean.*************************AdwCleaner[R2].txt - [6057 octets] - [09/01/2013 17:05:45]AdwCleaner[s2].txt - [1044 octets] - [10/01/2013 15:55:29]########## EOF - C:\AdwCleaner[s2].txt - [1104 octets] ########## Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 11, 2013 ID:632684 Share Posted January 11, 2013 Hello steveopeo,Please download the Kaspersky Virus Removal Tool from here to your Desktop.Double-click the Removal Tool.Click the cog in the upper right corner:Select down to and including your main drive.Once done please select the Automatic Scan tab and press Start Scan.Allow AVP to delete all infections found.Once it has finished select the Report tab.Select the Detected threats report from the left and press the Save button.Save it to your Desktop and post the contents in your next reply. Link to post Share on other sites More sharing options...
steveopevo Posted January 12, 2013 Author ID:633266 Share Posted January 12, 2013 Status: Deleted (events: 3) 1/11/2013 9:01:35 PM Deleted Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\NEIL'S\Application Data\Sun\Java\Deployment\cache\6.0\29\2f44825d-2098a00f High 1/11/2013 9:01:35 PM Deleted Trojan program Trojan.Win32.Midhos.adpm C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP43\A0046134.exe High 1/11/2013 9:01:42 PM Deleted Trojan program Trojan.Win32.Midhos.adpm C:\System Volume Information\_restore{3573B25C-C126-4199-AED2-449164241786}\RP43\A0046135.exe High Link to post Share on other sites More sharing options...
TheDarkKnight Posted January 12, 2013 ID:633456 Share Posted January 12, 2013 Hey steveopeo,Please run a free online scan with the ESET Online Scanner.Note: You can use Internet Explorer or Mozilla Firefox for this scan.Tick the box next to YES, I accept the Terms of Use.Click Start.When asked, allow the ActiveX control to install.Click Start.Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.Click Scan.Wait for the scan to finish.Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.Copy and paste that log as a reply to this topic.Do any issues remain? Link to post Share on other sites
Recommended Posts