Ukash
<blockquote data-quote="Sparks" data-source="post: 117781" data-attributes="member: 7672"><p>Hi,</p><p>Thanks for all your help. All seems to be working great now; there is no way I could have done this myself without your knowledge and patience. Thanks.</p><p>Please see logs attached (I hope).</p><p>Regards,</p><p></p><p>Sparks.</p><p></p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2013 02</p><p>Ran by SYSTEM on 22-04-2013 10:01:22</p><p>Running from D:\</p><p>Microsoft Windows XP (X86) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Recovery</p><p>The current controlset is ControlSet002</p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [SigmatelSysTrayApp] stsystra.exe [x]</p><p>HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [8491008 2008-03-30] (NVIDIA Corporation)</p><p>HKLM\...\Run: [nwiz] nwiz.exe /install [x]</p><p>HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2008-03-30] (NVIDIA Corporation)</p><p>HKLM\...\Run: [PMX Daemon] ICO.EXE [x]</p><p>HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)</p><p>HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [30248 2007-01-29] (Nuance Communications, Inc.)</p><p>HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46632 2007-01-29] (Nuance Communications, Inc.)</p><p>HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [309 2013-04-21] ()</p><p>HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [413696 2009-01-05] (Apple Inc.)</p><p>HKLM\...\Run: [CanonSolutionMenu] C:\Program 
Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-05-14] (CANON INC.)</p><p>HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1603152 2007-04-03] (CANON INC.)</p><p>HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)</p><p>HKLM\...\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()</p><p>HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)</p><p>HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-01-27] (LogMeIn, Inc.)</p><p>HKLM\...\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow [951592 2009-12-15] (Trend Micro Inc.)</p><p>HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [273544 2011-06-02] (RealNetworks, Inc.)</p><p>HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)</p><p>HKLM\...\Winlogon: [System] </p><p>Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)</p><p>Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)</p><p>HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! 
====> ZeroAccess</p><p>HKU\Administrator\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)</p><p>HKU\Anyone\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)</p><p>HKU\Anyone\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)</p><p>HKU\Anyone\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Anyone\Application Data\skype.dat [x]</p><p>HKU\Default User\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)</p><p>HKU\LogMeInRemoteUser\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk</p><p>ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk</p><p>ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)</p><p>SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)</p><p>S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2009-03-05] (Apple Inc.)</p><p>S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [65536 2006-03-17] (Broadcom 
Corporation)</p><p>S2 bgsvcgen; C:\WINDOWS\system32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)</p><p>S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] ()</p><p>S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)</p><p>S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)</p><p>S2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1299752 2009-12-11] (Trend Micro Inc.)</p><p>S2 svcGenericHost; C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-06-24] (Trend Micro Inc.)</p><p>S2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1337488 2009-12-11] (Trend Micro Inc.)</p><p>S3 TmPfw; C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-15] (Trend Micro Inc.)</p><p>S3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-15] (Trend Micro Inc.)</p><p>S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)</p><p>S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)</p><p>S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2008-03-30] (Broadcom Corporation)</p><p>S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)</p><p>S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)</p><p>S1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)</p><p>S2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS 
[37360 2007-07-23] (Roxio)</p><p>S2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)</p><p>S2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)</p><p>S2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)</p><p>S2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)</p><p>S2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)</p><p>S2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)</p><p>S2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)</p><p>S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)</p><p>S2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-01-27] (LogMeIn, Inc.)</p><p>S2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2010-01-27] (LogMeIn, Inc.)</p><p>S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)</p><p>S0 nvatabus; C:\Windows\System32\drivers\nvatabus.sys [105472 2007-12-19] (NVIDIA Corporation)</p><p>S0 nvgts; C:\Windows\System32\drivers\nvgts.sys [102400 2008-06-10] (NVIDIA Corporation)</p><p>S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1171464 2007-12-02] (SigmaTel, Inc.)</p><p>S3 tmcfw; C:\Windows\System32\DRIVERS\TM_CFW.sys [339984 2009-07-15] (Trend Micro Inc.)</p><p>S2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [158224 2010-05-18] (Trend Micro Inc.)</p><p>S2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-10] (Trend Micro Inc.)</p><p>S2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-10] (Trend Micro Inc.)</p><p>S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.)</p><p>S2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-10] 
(Trend Micro Inc.)</p><p>S1 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)</p><p>S4 Abiosdsk; No ImagePath</p><p>S4 Atdisk; No ImagePath</p><p>S1 Changer; No ImagePath</p><p>S1 lbrtfdc; No ImagePath</p><p>S4 LMIRfsClientNP; No ImagePath</p><p>S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x]</p><p>S1 PCIDump; No ImagePath</p><p>S3 PDCOMP; No ImagePath</p><p>S3 PDFRAME; No ImagePath</p><p>S3 PDRELI; No ImagePath</p><p>S3 PDRFRAME; No ImagePath</p><p>S4 Simbad; No ImagePath</p><p>S3 WDICA; No ImagePath</p><p>S1 WS2IFSL; </p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST</p><p>2013-04-21 10:32 - 2013-04-21 11:23 - 00006208 ____A C:\Windows\setupapi.log</p><p>2013-04-17 13:24 - 2013-04-21 14:07 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini</p><p>2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$</p><p>2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$</p><p>2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$</p><p>2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$</p><p></p><p>==================== One Month Modified Files and Folders ========</p><p></p><p>2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST</p><p>2013-04-22 03:52 - 2010-06-09 03:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn</p><p>2013-04-22 03:52 - 2008-04-25 17:32 - 00032570 ____A C:\Windows\SchedLgU.Txt</p><p>2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini</p><p>2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\LocalService\Local 
Settings\desktop.ini</p><p>2013-04-22 03:52 - 2008-04-25 17:32 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-04-22 03:52 - 2008-04-25 17:28 - 01061630 ____A C:\Windows\WindowsUpdate.log</p><p>2013-04-22 03:52 - 2008-04-25 05:25 - 00000275 ____A C:\Windows\wiadebug.log</p><p>2013-04-22 03:52 - 2008-04-25 05:25 - 00000050 ____A C:\Windows\wiaservc.log</p><p>2013-04-21 14:08 - 2011-01-04 10:48 - 00233788 ____A C:\Windows\System32\TmInstall.log</p><p>2013-04-21 14:07 - 2013-04-17 13:24 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini</p><p>2013-04-21 14:07 - 2008-04-25 12:16 - 00002206 ____A C:\Windows\System32\wpa.dbl</p><p>2013-04-21 14:06 - 2011-01-05 11:17 - 00000280 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3915953210-1411050872-365619372-1007.job</p><p>2013-04-21 14:06 - 2010-07-14 06:49 - 00000236 ____A C:\Windows\Tasks\OGALogon.job</p><p>2013-04-21 14:06 - 2008-11-19 11:45 - 00000062 __ASH C:\Documents and Settings\Anyone\Local Settings\desktop.ini</p><p>2013-04-21 14:00 - 2011-01-04 10:52 - 00000031 ____A C:\tmuninst.ini</p><p>2013-04-21 11:23 - 2013-04-21 10:32 - 00006208 ____A C:\Windows\setupapi.log</p><p>2013-04-21 08:24 - 2012-03-13 06:27 - 00000000 __SHD C:\Windows\CSC</p><p>2013-04-17 14:16 - 2008-11-19 11:45 - 00000278 __SHC C:\Documents and Settings\Anyone\ntuser.ini</p><p>2013-04-17 13:20 - 2011-01-05 11:17 - 00000288 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3915953210-1411050872-365619372-1007.job</p><p>2013-04-16 08:33 - 2009-01-05 12:31 - 00000000 ____D C:\Program Files\EasyCert</p><p>2013-04-16 03:26 - 2012-08-20 10:07 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2013-04-16 03:26 - 2012-08-20 10:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware</p><p>2013-04-15 11:09 - 2009-05-06 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM</p><p>2013-04-11 04:21 - 2008-04-25 05:21 - 00273376 ____A 
C:\Windows\System32\FNTCACHE.DAT</p><p>2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$</p><p>2013-04-11 04:05 - 2010-07-14 06:52 - 00000000 ____D C:\Windows\ie8updates</p><p>2013-04-11 04:05 - 2008-10-20 13:29 - 00000000 ___HD C:\Windows\$hf_mig$</p><p>2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$</p><p>2013-04-11 04:01 - 2008-10-25 09:30 - 70490256 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe</p><p>2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$</p><p>2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$</p><p>2013-04-04 09:50 - 2012-08-20 10:07 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys</p><p>2013-04-03 02:42 - 2008-04-25 05:22 - 00573294 ___AC C:\Windows\System32\PerfStringBackup.INI</p><p></p><p>==================== Known DLLs (ALL) =========================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points (XP) =====================</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 13%</p><p>Total physical RAM: 1982.36 MB</p><p>Available physical RAM: 1712.07 MB</p><p>Total Pagefile: 1813.46 MB</p><p>Available Pagefile: 1742.18 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1993.54 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive b: 
(RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS</p><p>Drive c: () (Fixed) (Total:148.93 GB) (Free:105.03 GB) NTFS ==>[Drive with boot components (Windows XP)]</p><p>Drive d: (HITMANPRO) (Removable) (Total:14.88 GB) (Free:14.88 GB) FAT32</p><p>Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS</p><p></p><p> Disk ### Status Size Free Dyn Gpt</p><p> -------- ---------- ------- ------- --- ---</p><p> Disk 0 Online 149 GB 0 B </p><p></p><p>Partitions of Disk 0:</p><p>===============</p><p></p><p> Partition ### Type Size Offset</p><p> ------------- ---------------- ------- -------</p><p> Partition 1 OEM 78 MB 32 KB</p><p> Partition 2 Primary 149 GB 78 MB</p><p>==================================================================================</p><p></p><p>Disk: 0</p><p>Partition 1</p><p>Type : DE</p><p>Hidden: Yes</p><p>Active: No</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 1 FAT Partition 78 MB Healthy </p><p>=========================================================</p><p></p><p>Disk: 0</p><p>Partition 2</p><p>Type : 07</p><p>Hidden: No</p><p>Active: Yes</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 2 C NTFS Partition 149 GB Healthy </p><p>=========================================================</p><p>============================== MBR & Partition Table ==================</p><p></p><p>====================================================================</p><p>Disk: 0 (MBR Code: Windows Vista) (Size: 149 GB) (Disk ID: A42D04A3)</p><p></p><p>Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)</p><p></p><p>Partition 2: (Active) - (Size=149 GB) - (Type=07) (NTFS)</p><p></p><p>====================================================================</p><p>Disk: 1 (Size: 15 GB) (Disk ID: 8E9D0B2D)</p><p></p><p>Partition 1: (Active) - (Size=15 GB) - 
(Type=0B)</p><p></p><p>==================== End Of Log ============================</p><p></p><p>Malwarebytes Anti-Rootkit BETA 1.05.0.1001</p><p>www.malwarebytes.org</p><p></p><p>Database version: v2013.04.23.02</p><p></p><p>Windows XP Service Pack 3 x86 NTFS</p><p>Internet Explorer 8.0.6001.18702</p><p>Anyone :: D6M2H04J [administrator]</p><p></p><p>23/04/2013 11:35:23</p><p>mbar-log-2013-04-23 (11-35-23).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P</p><p>Scan options disabled: </p><p>Objects scanned: 26805</p><p>Time elapsed: 40 minute(s), 33 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 1</p><p>HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.</p><p></p><p>Registry Values Detected: 1</p><p>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD|CDBurn (Hijack.Trojan.Siredef.C) -> Data: {fbeb8a05-beee-4442-804e-409d6c4515e9} -> Delete on reboot.</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 6</p><p>c:\RECYCLER\S-1-5-18\$119979af83280cc350beea7c0a953dc3\U (Trojan.Siredef.C) -> Delete on reboot.</p><p>c:\RECYCLER\S-1-5-21-3915953210-1411050872-365619372-1007\$119979af83280cc350beea7c0a953dc3\U (Trojan.Siredef.C) -> Delete on reboot.</p><p>c:\RECYCLER\S-1-5-18\$119979af83280cc350beea7c0a953dc3\L (Trojan.Siredef.C) -> Delete on reboot.</p><p>c:\RECYCLER\S-1-5-21-3915953210-1411050872-365619372-1007\$119979af83280cc350beea7c0a953dc3\L (Trojan.Siredef.C) -> Delete on reboot.</p><p>c:\RECYCLER\S-1-5-18\$119979af83280cc350beea7c0a953dc3 (Trojan.Siredef.C) -> Delete on 
reboot.</p><p>c:\RECYCLER\S-1-5-21-3915953210-1411050872-365619372-1007\$119979af83280cc350beea7c0a953dc3 (Trojan.Siredef.C) -> Delete on reboot.</p><p></p><p>Files Detected: 1</p><p>c:\Documents and Settings\Anyone\Local Settings\Temp\clljqg (Spyware.Zbot.USBV) -> Delete on reboot.</p><p></p><p>(end)</p><p></p><p></p><p>Malwarebytes Anti-Rootkit BETA 1.05.0.1001</p><p>www.malwarebytes.org</p><p></p><p>Database version: v2013.04.23.02</p><p></p><p>Windows XP Service Pack 3 x86 NTFS</p><p>Internet Explorer 8.0.6001.18702</p><p>Anyone :: D6M2H04J [administrator]</p><p></p><p>23/04/2013 12:18:13</p><p>mbar-log-2013-04-23 (12-18-13).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P</p><p>Scan options disabled: </p><p>Objects scanned: 26782</p><p>Time elapsed: 35 minute(s), 23 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.05.0.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 5.1.2600 Windows XP Service Pack 3 x86</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.6001.18702</p><p></p><p>Java version: 1.6.0_26</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 2.705000 GHz</p><p>Memory total: 2078650368, free: 1323065344</p><p></p><p>------------ Kernel report 
------------</p><p> 04/23/2013 10:53:53</p><p>------------ Loaded modules -----------</p><p>\WINDOWS\system32\ntkrnlpa.exe</p><p>\WINDOWS\system32\hal.dll</p><p>\WINDOWS\system32\KDCOM.DLL</p><p>\WINDOWS\system32\BOOTVID.dll</p><p>ACPI.sys</p><p>\WINDOWS\system32\DRIVERS\WMILIB.SYS</p><p>pci.sys</p><p>isapnp.sys</p><p>pciide.sys</p><p>\WINDOWS\system32\DRIVERS\PCIIDEX.SYS</p><p>MountMgr.sys</p><p>ftdisk.sys</p><p>dmload.sys</p><p>dmio.sys</p><p>PartMgr.sys</p><p>nvraid.sys</p><p>\WINDOWS\system32\drivers\CLASSPNP.SYS</p><p>VolSnap.sys</p><p>atapi.sys</p><p>nvgts.sys</p><p>\WINDOWS\system32\drivers\SCSIPORT.SYS</p><p>nvatabus.sys</p><p>disk.sys</p><p>fltMgr.sys</p><p>sr.sys</p><p>DLACDBHM.SYS</p><p>DRVMCDB.SYS</p><p>PxHelp20.sys</p><p>KSecDD.sys</p><p>WudfPf.sys</p><p>Ntfs.sys</p><p>NDIS.sys</p><p>Mup.sys</p><p>\SystemRoot\system32\DRIVERS\AmdPPM.sys</p><p>\SystemRoot\system32\DRIVERS\b57xp32.sys</p><p>\SystemRoot\system32\DRIVERS\nv4_mini.sys</p><p>\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS</p><p>\SystemRoot\system32\DRIVERS\usbohci.sys</p><p>\SystemRoot\system32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\system32\DRIVERS\usbehci.sys</p><p>\SystemRoot\system32\DRIVERS\imapi.sys</p><p>\SystemRoot\system32\drivers\Afc.sys</p><p>\SystemRoot\System32\Drivers\cdrbsdrv.SYS</p><p>\SystemRoot\system32\DRIVERS\cdrom.sys</p><p>\SystemRoot\system32\DRIVERS\redbook.sys</p><p>\SystemRoot\system32\DRIVERS\ks.sys</p><p>\SystemRoot\system32\DRIVERS\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\serial.sys</p><p>\SystemRoot\system32\DRIVERS\serenum.sys</p><p>\SystemRoot\system32\DRIVERS\parport.sys</p><p>\SystemRoot\system32\DRIVERS\lmimirr.sys</p><p>\SystemRoot\system32\DRIVERS\audstub.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\syst
em32\DRIVERS\psched.sys</p><p>\SystemRoot\system32\DRIVERS\msgpc.sys</p><p>\SystemRoot\system32\DRIVERS\ptilink.sys</p><p>\SystemRoot\system32\DRIVERS\raspti.sys</p><p>\SystemRoot\system32\DRIVERS\rdpdr.sys</p><p>\SystemRoot\system32\DRIVERS\termdd.sys</p><p>\SystemRoot\system32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\system32\DRIVERS\mouclass.sys</p><p>\SystemRoot\system32\DRIVERS\seehcri.sys</p><p>\SystemRoot\system32\DRIVERS\swenum.sys</p><p>\SystemRoot\system32\DRIVERS\update.sys</p><p>\SystemRoot\system32\DRIVERS\mssmbios.sys</p><p>\SystemRoot\system32\DRIVERS\TM_CFW.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\system32\DRIVERS\usbhub.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\system32\drivers\sthda.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\System32\Drivers\i2omgmt.SYS</p><p>\SystemRoot\System32\Drivers\Fs_Rec.SYS</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\Drivers\DLARTL_M.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\Drivers\mnmdd.SYS</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\system32\DRIVERS\rasacd.sys</p><p>\SystemRoot\system32\DRIVERS\ipsec.sys</p><p>\SystemRoot\system32\DRIVERS\tcpip.sys</p><p>\SystemRoot\system32\DRIVERS\netbt.sys</p><p>\SystemRoot\System32\drivers\afd.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\tmtdi.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\System32\Drivers\Fips.SYS</p><p>\SystemRoot\system32\DRIVERS\pmxusblf.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\DRIVERS\pmxmouse.sys</p><p>\SystemRoot\system32\DRIVERS\hidusb.sys</p><p>\
SystemRoot\system32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\DRIVERS\mouhid.sys</p><p>\SystemRoot\system32\DRIVERS\kbdhid.sys</p><p>\SystemRoot\system32\DRIVERS\usbscan.sys</p><p>\SystemRoot\system32\DRIVERS\usbprint.sys</p><p>\SystemRoot\System32\Drivers\Cdfs.SYS</p><p>\SystemRoot\System32\Drivers\dump_diskdump.sys</p><p>\SystemRoot\System32\Drivers\dump_nvgts.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\System32\watchdog.sys</p><p>\SystemRoot\System32\drivers\dxg.sys</p><p>\SystemRoot\System32\drivers\dxgthk.sys</p><p>\SystemRoot\System32\nv4_disp.dll</p><p>\SystemRoot\System32\ATMFD.DLL</p><p>\??\C:\WINDOWS\system32\drivers\mbam.sys</p><p>\??\C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys</p><p>\??\C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys</p><p>\??\C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys</p><p>\SystemRoot\System32\Drivers\DRVNDDM.SYS</p><p>\SystemRoot\System32\Drivers\DLADResM.SYS</p><p>\SystemRoot\System32\Drivers\DLAIFS_M.SYS</p><p>\SystemRoot\System32\Drivers\DLAOPIOM.SYS</p><p>\SystemRoot\System32\Drivers\DLAPoolM.SYS</p><p>\SystemRoot\System32\Drivers\DLABMFSM.SYS</p><p>\SystemRoot\System32\Drivers\DLABOIOM.SYS</p><p>\SystemRoot\System32\Drivers\DLAUDFAM.SYS</p><p>\SystemRoot\System32\Drivers\DLAUDF_M.SYS</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\mrxdav.sys</p><p>\??\C:\WINDOWS\system32\drivers\tmcomm.sys</p><p>\??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys</p><p>\SystemRoot\system32\DRIVERS\srv.sys</p><p>\??\C:\Program 
Files\LogMeIn\x86\RaInfo.sys</p><p>\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys</p><p>\SystemRoot\system32\drivers\wdmaud.sys</p><p>\SystemRoot\system32\drivers\sysaudio.sys</p><p>\SystemRoot\System32\Drivers\HTTP.sys</p><p>\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys</p><p>\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys</p><p>\WINDOWS\system32\ntdll.dll</p><p>\WINDOWS\system32\smss.exe</p><p>\WINDOWS\system32\autochk.exe</p><p>\WINDOWS\system32\sfcfiles.dll</p><p>\WINDOWS\system32\csrss.exe</p><p>\WINDOWS\system32\csrsrv.dll</p><p>\WINDOWS\system32\basesrv.dll</p><p>\WINDOWS\system32\winsrv.dll</p><p>\WINDOWS\system32\gdi32.dll</p><p>\WINDOWS\system32\kernel32.dll</p><p>\WINDOWS\system32\user32.dll</p><p>\WINDOWS\system32\advapi32.dll</p><p>\WINDOWS\system32\rpcrt4.dll</p><p>\WINDOWS\system32\secur32.dll</p><p>\WINDOWS\system32\authz.dll</p><p>\WINDOWS\system32\msvcrt.dll</p><p>\WINDOWS\system32\crypt32.dll</p><p>\WINDOWS\system32\msasn1.dll</p><p>\WINDOWS\system32\nddeapi.dll</p><p>\WINDOWS\system32\profmap.dll</p><p>\WINDOWS\system32\netapi32.dll</p><p>\WINDOWS\system32\userenv.dll</p><p>\WINDOWS\system32\psapi.dll</p><p>\WINDOWS\system32\regapi.dll</p><p>\WINDOWS\system32\setupapi.dll</p><p>\WINDOWS\system32\version.dll</p><p>\WINDOWS\system32\winsta.dll</p><p>\WINDOWS\system32\wintrust.dll</p><p>\WINDOWS\system32\imagehlp.dll</p><p>\WINDOWS\system32\ws2_32.dll</p><p>\WINDOWS\system32\ws2help.dll</p><p>\WINDOWS\system32\imm32.dll</p><p>\WINDOWS\system32\kbduk.dll</p><p>\WINDOWS\system32\msgina.dll</p><p>\WINDOWS\system32\comctl32.dll</p><p>\WINDOWS\system32\odbc32.dll</p><p>\WINDOWS\system32\comdlg32.dll</p><p>\WINDOWS\system32\shell32.dll</p><p>\WINDOWS\system32\shlwapi.dll</p><p>\WINDOWS\system32\sxs.dll</p><p>\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll</p><p>\WINDOWS\system32\shsvcs.dll</p><p>\WINDOWS\system32\sfc.dll</p><p>\WINDOWS\system32\sfc_os.dll</p><p>\WINDOWS\system32\ole32
.dll</p><p>\WINDOWS\system32\apphelp.dll</p><p>\WINDOWS\system32\lsasrv.dll</p><p>\WINDOWS\system32\mpr.dll</p><p>\WINDOWS\system32\ntdsapi.dll</p><p>\WINDOWS\system32\dnsapi.dll</p><p>\WINDOWS\system32\wldap32.dll</p><p>\WINDOWS\system32\samlib.dll</p><p>\WINDOWS\system32\samsrv.dll</p><p>\WINDOWS\system32\cryptdll.dll</p><p>\WINDOWS\system32\shimeng.dll</p><p>\WINDOWS\AppPatch\AcGenral.dll</p><p>\WINDOWS\system32\winmm.dll</p><p>\WINDOWS\system32\oleaut32.dll</p><p>\WINDOWS\system32\msacm32.dll</p><p>\WINDOWS\system32\uxtheme.dll</p><p>\WINDOWS\system32\msapsspc.dll</p><p>\WINDOWS\system32\msvcrt40.dll</p><p>\WINDOWS\system32\schannel.dll</p><p>\WINDOWS\system32\ncobjapi.dll</p><p>\WINDOWS\system32\msvcp60.dll</p><p>\WINDOWS\system32\scesrv.dll</p><p>\WINDOWS\system32\umpnpmgr.dll</p><p>\WINDOWS\AppPatch\AcAdProc.dll</p><p>\WINDOWS\system32\digest.dll</p><p>\WINDOWS\system32\msnsspc.dll</p><p>\WINDOWS\system32\MSCTFIME.IME</p><p>\WINDOWS\system32\kerberos.dll</p><p>\WINDOWS\system32\msv1_0.dll</p><p>\WINDOWS\system32\iphlpapi.dll</p><p>\WINDOWS\system32\netlogon.dll</p><p>\WINDOWS\system32\w32time.dll</p><p>\WINDOWS\system32\wdigest.dll</p><p>\WINDOWS\system32\rsaenh.dll</p><p>\WINDOWS\system32\winscard.dll</p><p>\WINDOWS\system32\wtsapi32.dll</p><p>\WINDOWS\system32\scecli.dll</p><p>\WINDOWS\system32\ntmarta.dll</p><p>\WINDOWS\system32\rpcss.dll</p><p>\WINDOWS\system32\eventlog.dll</p><p>\WINDOWS\system32\mswsock.dll</p><p>\WINDOWS\system32\hnetcfg.dll</p><p>\WINDOWS\system32\wshtcpip.dll</p><p>\WINDOWS\system32\winrnr.dll</p><p>\Program 
Files\Bonjour\mdnsNSP.dll</p><p>\WINDOWS\system32\rasadhlp.dll</p><p>\WINDOWS\system32\dhcpcsvc.dll</p><p>\WINDOWS\system32\dnsrslvr.dll</p><p>\WINDOWS\system32\lmhsvc.dll</p><p>\WINDOWS\system32\wzcsvc.dll</p><p>\WINDOWS\system32\rtutils.dll</p><p>\WINDOWS\system32\wmi.dll</p><p>\WINDOWS\system32\eapolqec.dll</p><p>\WINDOWS\system32\atl.dll</p><p>\WINDOWS\system32\qutil.dll</p><p>\WINDOWS\system32\dot3api.dll</p><p>\WINDOWS\system32\esent.dll</p><p>\WINDOWS\system32\clbcatq.dll</p><p>\WINDOWS\system32\comres.dll</p><p>\WINDOWS\system32\rastls.dll</p><p>\WINDOWS\system32\cryptui.dll</p><p>\WINDOWS\system32\wininet.dll</p><p>\WINDOWS\system32\urlmon.dll</p><p>\WINDOWS\system32\iertutil.dll</p><p>\WINDOWS\system32\mprapi.dll</p><p>\WINDOWS\system32\activeds.dll</p><p>\WINDOWS\system32\adsldpc.dll</p><p>\WINDOWS\system32\cscdll.dll</p><p>\WINDOWS\system32\dimsntfy.dll</p><p>\WINDOWS\system32\LMIinit.dll</p><p>\WINDOWS\system32\rasapi32.dll</p><p>\WINDOWS\system32\rasman.dll</p><p>\WINDOWS\system32\tapi32.dll</p><p>\WINDOWS\system32\riched20.dll</p><p>\WINDOWS\system32\raschap.dll</p><p>\WINDOWS\system32\schedsvc.dll</p><p>\WINDOWS\system32\wlnotify.dll</p><p>\WINDOWS\system32\winspool.drv</p><p>\WINDOWS\system32\msxml3.dll</p><p>\WINDOWS\system32\msidle.dll</p><p>\WINDOWS\system32\audiosrv.dll</p><p>\WINDOWS\system32\wkssvc.dll</p><p>\WINDOWS\system32\webclnt.dll</p><p>\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe</p><p>\WINDOWS\system32\wsock32.dll</p><p>\WINDOWS\system32\cfgmgr32.dll</p><p>\WINDOWS\system32\qmgr.dll</p><p>\WINDOWS\system32\shfolder.dll</p><p>\WINDOWS\system32\winhttp.dll</p><p>\WINDOWS\system32\cryptsvc.dll</p><p>\WINDOWS\system32\certcli.dll</p><p>\WINDOWS\system32\dmserver.dll</p><p>\WINDOWS\system32\ersvc.dll</p><p>\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll</p><p>\WINDOWS\system32\es.dll</p><p>\WINDOWS\system32\hidserv.dll</p><p>\WINDOWS\system32\hid.dll</p><p>\Program 
Files\Java\jre6\bin\msvcr71.dll</p><p>\WINDOWS\system32\pdh.dll</p><p>\WINDOWS\system32\odbcbcp.dll</p><p>\WINDOWS\system32\netman.dll</p><p>\WINDOWS\system32\netshell.dll</p><p>\WINDOWS\system32\credui.dll</p><p>\WINDOWS\system32\dot3dlg.dll</p><p>\WINDOWS\system32\onex.dll</p><p>\WINDOWS\system32\eappcfg.dll</p><p>\WINDOWS\system32\eappprxy.dll</p><p>\WINDOWS\system32\wzcsapi.dll</p><p>\WINDOWS\system32\srvsvc.dll</p><p>\WINDOWS\system32\msi.dll</p><p>\WINDOWS\system32\spoolss.dll</p><p>\WINDOWS\system32\localspl.dll</p><p>\WINDOWS\system32\cnbjmon.dll</p><p>\WINDOWS\system32\CNMLM81.DLL</p><p>\WINDOWS\system32\snmpapi.dll</p><p>\WINDOWS\system32\inetmib1.dll</p><p>\WINDOWS\system32\CNCF2Ld.DLL</p><p>\WINDOWS\system32\rassapi.dll</p><p>\WINDOWS\system32\LMIport.dll</p><p>\WINDOWS\system32\fxsmon.dll</p><p>\WINDOWS\system32\fxsevent.dll</p><p>\WINDOWS\system32\pjlmon.dll</p><p>\WINDOWS\system32\tcpmon.dll</p><p>\WINDOWS\system32\tcpmib.dll</p><p>\WINDOWS\system32\mgmtapi.dll</p><p>\WINDOWS\system32\wsnmp32.dll</p><p>\WINDOWS\system32\usbmon.dll</p><p>\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8Z.DLL</p><p>\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll</p><p>\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll</p><p>\WINDOWS\system32\ieframe.dll</p><p>\WINDOWS\system32\win32spl.dll</p><p>\WINDOWS\system32\netrap.dll</p><p>\WINDOWS\system32\inetpp.dll</p><p>\WINDOWS\system32\perfos.dll</p><p>\WINDOWS\system32\perfdisk.dll</p><p>\WINDOWS\system32\loadperf.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TimeString.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\OfcPIPC.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\OfcPlugInAPI.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\OfcDog.dll</p><p>\Program Files\Java\jre6\bin\awt.dll</p><p>\Program Files\Java\jre6\bin\client\jvm.dll</p><p>\Program Files\Java\jre6\bin\dcpr.dll</p><p>\Program 
Files\Java\jre6\bin\deploy.dll</p><p>\Program Files\Java\jre6\bin\fontmanager.dll</p><p>\WINDOWS\system32\powrprof.dll</p><p>\WINDOWS\system32\ipsecsvc.dll</p><p>\WINDOWS\system32\oakley.dll</p><p>\WINDOWS\system32\winipsec.dll</p><p>\WINDOWS\system32\pstorsvc.dll</p><p>\WINDOWS\system32\psbase.dll</p><p>\WINDOWS\system32\oleacc.dll</p><p>\WINDOWS\system32\regsvc.dll</p><p>\WINDOWS\system32\seclogon.dll</p><p>\WINDOWS\system32\srsvc.dll</p><p>\WINDOWS\system32\dssenh.dll</p><p>\WINDOWS\system32\sens.dll</p><p>\WINDOWS\system32\wiaservc.dll</p><p>\WINDOWS\system32\mscms.dll</p><p>\WINDOWS\system32\tapisrv.dll</p><p>\WINDOWS\system32\termsrv.dll</p><p>\WINDOWS\system32\icaapi.dll</p><p>\WINDOWS\system32\mstlsapi.dll</p><p>\WINDOWS\system32\trkwks.dll</p><p>\WINDOWS\system32\wbem\wmisvc.dll</p><p>\WINDOWS\system32\vssapi.dll</p><p>\WINDOWS\system32\fxstiff.dll</p><p>\WINDOWS\system32\wuauserv.dll</p><p>\WINDOWS\system32\fxsapi.dll</p><p>\WINDOWS\system32\wuaueng.dll</p><p>\WINDOWS\system32\cabinet.dll</p><p>\WINDOWS\system32\mspatcha.dll</p><p>\WINDOWS\system32\browser.dll</p><p>\WINDOWS\system32\comsvcs.dll</p><p>\WINDOWS\system32\colbact.dll</p><p>\WINDOWS\system32\mtxclu.dll</p><p>\WINDOWS\system32\clusapi.dll</p><p>\WINDOWS\system32\resutils.dll</p><p>\Program Files\Java\jre6\bin\hpi.dll</p><p>\Program Files\Java\jre6\bin\java.dll</p><p>\WINDOWS\system32\security.dll</p><p>\WINDOWS\system32\wups.dll</p><p>\WINDOWS\system32\wups2.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilCommon.dll</p><p>\Program Files\Java\jre6\bin\jp2native.dll</p><p>\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilDllMgr.dll</p><p>\Program Files\Trend Micro\Client Server Security 
Agent\HostedAgent\utilThread.dll</p><p>\WINDOWS\system32\fxst30.dll</p><p>\WINDOWS\system32\fxsroute.dll</p><p>\WINDOWS\system32\unimdm.tsp</p><p>\WINDOWS\system32\uniplat.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TmSock.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\loadhttp.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilRPC.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilAccessControl.dll</p><p>\WINDOWS\system32\wuapi.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilIPC.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\PWD.dll</p><p>\WINDOWS\system32\wdmaud.drv</p><p>\WINDOWS\system32\kmddsp.tsp</p><p>\WINDOWS\system32\ndptsp.tsp</p><p>\WINDOWS\system32\ipconf.tsp</p><p>\WINDOWS\system32\h323.tsp</p><p>\WINDOWS\system32\hidphone.tsp</p><p>\WINDOWS\system32\upnp.dll</p><p>\WINDOWS\system32\ssdpapi.dll</p><p>\WINDOWS\system32\cryptnet.dll</p><p>\WINDOWS\system32\sensapi.dll</p><p>\WINDOWS\system32\msacm32.drv</p><p>\WINDOWS\system32\midimap.dll</p><p>\WINDOWS\system32\rasmans.dll</p><p>\WINDOWS\system32\netcfgx.dll</p><p>\Program Files\Java\jre6\bin\jpeg.dll</p><p>\WINDOWS\system32\actxprxy.dll</p><p>\Program Files\Java\jre6\bin\net.dll</p><p>\Program Files\Java\jre6\bin\nio.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\NTSvcRes.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\OfcPlugInMain.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\OfcPluginTray.dll</p><p>\WINDOWS\system32\dsound.dll</p><p>\WINDOWS\system32\mscoree.dll</p><p>\WINDOWS\system32\ksuser.dll</p><p>\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll</p><p>\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll</p><p>\WINDOWS\system32\msscntrs.dll</p><p>\PROGRA~1\COMMON~1\System\MSMAPI\1033\MSMAPI32.DLL</p><p>\Program Files\Common Files\Microsoft 
Shared\OFFICE11\MSO.DLL</p><p>\WINDOWS\system32\pschdprf.dll</p><p>\WINDOWS\system32\traffic.dll</p><p>\WINDOWS\system32\rasctrs.dll</p><p>\WINDOWS\system32\rsvpperf.dll</p><p>\WINDOWS\system32\tapiperf.dll</p><p>\WINDOWS\system32\wbem\wbemprox.dll</p><p>\WINDOWS\system32\wbem\wbemcomn.dll</p><p>\WINDOWS\system32\wbem\wbemcore.dll</p><p>\WINDOWS\system32\wbem\esscli.dll</p><p>\WINDOWS\system32\wbem\fastprox.dll</p><p>\WINDOWS\system32\wbem\wbemsvc.dll</p><p>\WINDOWS\system32\wbem\wmiutils.dll</p><p>\WINDOWS\system32\wbem\repdrvfs.dll</p><p>\WINDOWS\system32\wbem\wmiprvsd.dll</p><p>\Program Files\Java\jre6\bin\regutils.dll</p><p>\Program Files\Java\jre6\bin\verify.dll</p><p>\Program Files\Java\jre6\bin\zip.dll</p><p>\WINDOWS\system32\wbem\wbemess.dll</p><p>\WINDOWS\system32\wbem\cimwin32.dll</p><p>\WINDOWS\system32\wbem\framedyn.dll</p><p>\WINDOWS\system32\dbghelp.dll</p><p>\WINDOWS\system32\crtdll.dll</p><p>\WINDOWS\system32\query.dll</p><p>\WINDOWS\system32\xmllite.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TmUpdate.dll</p><p>\WINDOWS\system32\perfproc.dll</p><p>\WINDOWS\system32\cscui.dll</p><p>\WINDOWS\system32\dpcdll.dll</p><p>\WINDOWS\system32\browseui.dll</p><p>\WINDOWS\system32\shdocvw.dll</p><p>\WINDOWS\system32\desk.cpl</p><p>\WINDOWS\system32\themeui.dll</p><p>\WINDOWS\system32\msimg32.dll</p><p>\WINDOWS\system32\licwmi.dll</p><p>\WINDOWS\system32\licdll.dll</p><p>\WINDOWS\system32\msxml6.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\ssapi32.dll</p><p>\WINDOWS\system32\occache.dll</p><p>\WINDOWS\system32\ssdpsrv.dll</p><p>\WINDOWS\system32\linkinfo.dll</p><p>\WINDOWS\system32\ntshrui.dll</p><p>\WINDOWS\system32\httpapi.dll</p><p>\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll</p><p>\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll</p><p>\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll</p><p>\Program 
Files\Real\RealUpgrade\Plugins\upgrade.dll</p><p>\WINDOWS\system32\mlang.dll</p><p>\WINDOWS\system32\rastapi.dll</p><p>\WINDOWS\system32\stobject.dll</p><p>\WINDOWS\system32\batmeter.dll</p><p>\WINDOWS\system32\WPDShServiceObj.dll</p><p>\WINDOWS\system32\mydocs.dll</p><p>\WINDOWS\system32\rasppp.dll</p><p>\WINDOWS\system32\wbem\wmipcima.dll</p><p>\WINDOWS\system32\ntlsapi.dll</p><p>\WINDOWS\system32\rasqec.dll</p><p>\WINDOWS\system32\PortableDeviceTypes.dll</p><p>\WINDOWS\system32\mfc42u.dll</p><p>\WINDOWS\system32\PortableDeviceApi.dll</p><p>\WINDOWS\system32\oledlg.dll</p><p>\WINDOWS\system32\riched32.dll</p><p>\Program Files\ScanSoft\OmniPageSE4\OpHookSE4.dll</p><p>\WINDOWS\system32\mfc42.dll</p><p>\WINDOWS\system32\w3ssl.dll</p><p>\WINDOWS\system32\strmfilt.dll</p><p>\WINDOWS\system32\msvfw32.dll</p><p>\Program Files\Common Files\ArcSoft\Connection Service\Bin\msvcp60.dll</p><p>\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll</p><p>\WINDOWS\system32\MSCTF.dll</p><p>\WINDOWS\system32\msutb.dll</p><p>\WINDOWS\system32\msisip.dll</p><p>\WINDOWS\system32\wshext.dll</p><p>\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL</p><p>\Program Files\Trend Micro\Client Server Security Agent\NTMonRes_en.dll</p><p>\WINDOWS\system32\icm32.dll</p><p>\WINDOWS\system32\rasdlg.dll</p><p>\WINDOWS\ime\SPTIP.dll</p><p>\WINDOWS\system32\avifil32.dll</p><p>\WINDOWS\system32\mslbui.dll</p><p>\WINDOWS\system32\mssph.dll</p><p>\WINDOWS\system32\mapi32.dll</p><p>\Program Files\Outlook Express\msoe.dll</p><p>\WINDOWS\system32\msoert2.dll</p><p>\WINDOWS\system32\msoeacct.dll</p><p>\WINDOWS\system32\inetcomm.dll</p><p>\WINDOWS\system32\fxsst.dll</p><p>\WINDOWS\system32\msident.dll</p><p>\WINDOWS\system32\pstorec.dll</p><p>\Program Files\Common Files\System\directdb.dll</p><p>\WINDOWS\system32\wbem\wmiprov.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\utilNetwork.dll</p><p>\Program Files\Trend Micro\Client Server Security 
Agent\HostedAgent\utilSecurity.dll</p><p>\WINDOWS\system32\drprov.dll</p><p>\WINDOWS\system32\ntlanman.dll</p><p>\WINDOWS\system32\netui0.dll</p><p>\WINDOWS\system32\netui1.dll</p><p>\WINDOWS\system32\davclnt.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TmProxy.dll</p><p>\PROGRA~1\TRENDM~1\CLIENT~1\tmufeng.dll</p><p>\PROGRA~1\TRENDM~1\CLIENT~1\TmpxCfg.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\tmtdi.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TmsmIm.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TmpePDP.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\tmcfscan.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TmphAim.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TmsmHttp.dll</p><p>\PROGRA~1\TRENDM~1\CLIENT~1\TmpeVS.dll</p><p>\PROGRA~1\TRENDM~1\CLIENT~1\TmpeUrlF.dll</p><p>\PROGRA~1\TRENDM~1\CLIENT~1\TmphHttp.dll</p><p>\PROGRA~1\TRENDM~1\CLIENT~1\TmphIcq.dll</p><p>\PROGRA~1\TRENDM~1\CLIENT~1\TmphMsn.dll</p><p>\PROGRA~1\TRENDM~1\CLIENT~1\TmsmMail.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TmMsg.dll</p><p>\PROGRA~1\TRENDM~1\CLIENT~1\TmphPop3.dll</p><p>\PROGRA~1\TRENDM~1\CLIENT~1\TmphYmsg.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TmPfwApi.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TmPfwCtl.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\tmCfwApi.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\tmHash.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\TmPfwRul.dll</p><p>\WINDOWS\system32\wbem\ncprov.dll</p><p>\WINDOWS\system32\wbem\wbemcons.dll</p><p>\WINDOWS\system32\advpack.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\tmdbg20.dll</p><p>\Program Files\Trend Micro\Client Server Security Agent\tmuninst.dll</p><p>\WINDOWS\AppPatch\aclayers.dll</p><p>\Program Files\Internet 
Explorer\xpshims.dll</p><p>\Program Files\Internet Explorer\ieproxy.dll</p><p>\WINDOWS\system32\MSIMTF.dll</p><p>\WINDOWS\system32\msfeeds.dll</p><p>\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll</p><p>\Program Files\Java\jre6\bin\jp2ssv.dll</p><p>\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll</p><p>\WINDOWS\system32\usp10.dll</p><p>\WINDOWS\system32\mshtml.dll</p><p>\WINDOWS\system32\jscript.dll</p><p>\WINDOWS\system32\iepeers.dll</p><p>\WINDOWS\system32\dxtrans.dll</p><p>\WINDOWS\system32\ddraw.dll</p><p>\WINDOWS\system32\dciman32.dll</p><p>\WINDOWS\system32\dxtmsft.dll</p><p>\WINDOWS\system32\imgutil.dll</p><p>\WINDOWS\system32\pngfilt.dll</p><p>\WINDOWS\system32\langwrbk.dll</p><p>\WINDOWS\system32\infosoft.dll</p><p>\WINDOWS\system32\d3dim700.dll</p><p>\WINDOWS\system32\winshfhc.dll</p><p>\WINDOWS\system32\WMVCore.dll</p><p>\WINDOWS\system32\wmasf.dll</p><p>\WINDOWS\system32\zipfldr.dll</p><p>\WINDOWS\system32\duser.dll</p><p>\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL</p><p>\WINDOWS\system32\WpdShext.dll</p><p>\WINDOWS\system32\shgina.dll</p><p>\WINDOWS\system32\audiodev.dll</p><p>\WINDOWS\system32\wiashext.dll</p><p>\WINDOWS\system32\sti.dll</p><p>\WINDOWS\system32\qmgrprxy.dll</p><p>\WINDOWS\system32\mstask.dll</p><p>\WINDOWS\system32\sendmail.dll</p><p>\WINDOWS\system32\vbscript.dll</p><p>\Program Files\Common Files\Microsoft Shared\VS7DEBUG\PDM.DLL</p><p>\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL</p><p>\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE</p><p>\Program Files\Microsoft Office\OFFICE11\1033\SRINTL.DLL</p><p>\Program Files\Common Files\Microsoft Shared\OFFICE11\RICHED20.DLL</p><p>\Program 
Files\ScanSoft\OmniPageSE4\OfficeAddInSE4.dll</p><p>\WINDOWS\system32\spool\drivers\w32x86\3\CNMDR8Z.DLL</p><p>\WINDOWS\system32\spool\drivers\w32x86\3\CNMUI8Z.DLL</p><p>\WINDOWS\system32\spool\drivers\w32x86\3\CNMCP8Z.DLL</p><p>\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL</p><p>\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\1033\STINTL.DLL</p><p>\Documents and Settings\Anyone\Desktop\mbar-1.05.0.1001\mbar\msvcp100.dll</p><p>\Documents and Settings\Anyone\Desktop\mbar-1.05.0.1001\mbar\msvcr100.dll</p><p>----------- End -----------</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xffffffff8a8f09c0</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Scsi\nvgts1Port0Path0Target0Lun0\</p><p>Lower Device Object: 0xffffffff8a844030</p><p>Lower Device Driver Name: \Driver\nvgts\</p><p>Driver name found: nvgts</p><p>Initialization returned 0x0</p><p>Port sub-driver loaded: \??\C:\WINDOWS\system32\drivers\scsiport.sys (0x0)</p><p>Load Function returned 0x0</p><p>Downloaded database version: v2013.04.23.02</p><p>Downloaded database version: v2013.04.22.01</p><p>Initializing...</p><p>Done!</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xffffffff8a8f09c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff8a8f0798, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff8a8f09c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff8a8c4720, DeviceName: \Device\0000006a\, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xffffffff8a844030, DeviceName: \Device\Scsi\nvgts1Port0Path0Target0Lun0\, DriverName: \Driver\nvgts\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0xffffffffe16905c0, 0xffffffff8a8f09c0, 
0xffffffff89c8f040</p><p>Lower DeviceData: 0xffffffffe188cb80, 0xffffffff8a844030, 0xffffffff89c16c98</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning directory: C:\WINDOWS\system32\drivers...</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Read File: File "C:\WINDOWS\system32\drivers\1028_Dell_OPT_740.mrk" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\ABP480N5.SYS" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\acpi.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\adpu160m.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\AGP440.SYS" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\AGPCPQ.SYS" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\aha154x.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\aic78u2.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\aic78xx.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\aliide.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\ALIM1541.SYS" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\AMDAGP.SYS" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\amsint.sys" is compressed (flags = 1)</p><p>Read File: File 
"C:\WINDOWS\system32\drivers\arp1394.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\asc.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\asc3350p.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\hpn.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\i2omp.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\ini910u.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\intelide.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\intelppm.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\atapi.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\BrScnUsb.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\cd20xrnt.sys" is compressed (flags = 1)</p><p>Read File: File 
"C:\WINDOWS\system32\drivers\cdr4_xp.sys" is compressed (flags = 1)</p><p>Done!</p><p>Drive 0</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: A42D04A3</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Other (0xde)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 63 Numsec = 160587</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 160650 Numsec = 312335730</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 160000000000 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...</p><p>Done!</p><p>Performing system, memory and registry scan...</p><p>Read File: File "c:\Documents and Settings\Administrator\Application Data\desktop.ini" is compressed (flags = 1)</p><p>Read 
Fil</p></blockquote><p></p>
[QUOTE="Sparks, post: 117781, member: 7672"] Hi, Thanks for all your help all seems to be working great now, there is no way i could have done this myself without your knowledge and patience. Thanks. Please see logs attached ( I Hope ). Regards, Sparks. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2013 02 Ran by SYSTEM on 22-04-2013 10:01:22 Running from D:\ Microsoft Windows XP (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet002 ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SigmatelSysTrayApp] stsystra.exe [x] HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [8491008 2008-03-30] (NVIDIA Corporation) HKLM\...\Run: [nwiz] nwiz.exe /install [x] HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2008-03-30] (NVIDIA Corporation) HKLM\...\Run: [PMX Daemon] ICO.EXE [x] HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [30248 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46632 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [309 2013-04-21] () HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [413696 2009-01-05] (Apple Inc.) HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-05-14] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1603152 2007-04-03] (CANON INC.) 
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.) HKLM\...\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] () HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-01-27] (LogMeIn, Inc.) HKLM\...\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow [951592 2009-12-15] (Trend Micro Inc.) HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [273544 2011-06-02] (RealNetworks, Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.) HKLM\...\Winlogon: [System] Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.) Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! 
====> ZeroAccess HKU\Administrator\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation) HKU\Anyone\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation) HKU\Anyone\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation) HKU\Anyone\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Anyone\Application Data\skype.dat [x] HKU\Default User\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation) HKU\LogMeInRemoteUser\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) ========================== Services (Whitelisted) ================= S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2009-03-05] (Apple Inc.) 
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [65536 2006-03-17] (Broadcom Corporation) S2 bgsvcgen; C:\WINDOWS\system32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation) S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1299752 2009-12-11] (Trend Micro Inc.) S2 svcGenericHost; C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-06-24] (Trend Micro Inc.) S2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1337488 2009-12-11] (Trend Micro Inc.) S3 TmPfw; C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-15] (Trend Micro Inc.) S3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-15] (Trend Micro Inc.) S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2008-03-30] (Broadcom Corporation) S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation) S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) 
S1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) S2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio) S2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio) S2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio) S2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio) S2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio) S2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio) S2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio) S2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio) S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider) S2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-01-27] (LogMeIn, Inc.) S2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2010-01-27] (LogMeIn, Inc.) S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) S0 nvatabus; C:\Windows\System32\drivers\nvatabus.sys [105472 2007-12-19] (NVIDIA Corporation) S0 nvgts; C:\Windows\System32\drivers\nvgts.sys [102400 2008-06-10] (NVIDIA Corporation) S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1171464 2007-12-02] (SigmaTel, Inc.) S3 tmcfw; C:\Windows\System32\DRIVERS\TM_CFW.sys [339984 2009-07-15] (Trend Micro Inc.) S2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [158224 2010-05-18] (Trend Micro Inc.) S2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-10] (Trend Micro Inc.) S2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-10] (Trend Micro Inc.) S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.) 
S2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-10] (Trend Micro Inc.) S1 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation) S4 Abiosdsk; No ImagePath S4 Atdisk; No ImagePath S1 Changer; No ImagePath S1 lbrtfdc; No ImagePath S4 LMIRfsClientNP; No ImagePath S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x] S1 PCIDump; No ImagePath S3 PDCOMP; No ImagePath S3 PDFRAME; No ImagePath S3 PDRELI; No ImagePath S3 PDRFRAME; No ImagePath S4 Simbad; No ImagePath S3 WDICA; No ImagePath S1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST 2013-04-21 10:32 - 2013-04-21 11:23 - 00006208 ____A C:\Windows\setupapi.log 2013-04-17 13:24 - 2013-04-21 14:07 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini 2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$ 2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$ 2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$ 2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$ ==================== One Month Modified Files and Folders ======== 2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST 2013-04-22 03:52 - 2010-06-09 03:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn 2013-04-22 03:52 - 2008-04-25 17:32 - 00032570 ____A C:\Windows\SchedLgU.Txt 2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini 2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini 2013-04-22 03:52 - 2008-04-25 17:32 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-04-22 03:52 - 
2008-04-25 17:28 - 01061630 ____A C:\Windows\WindowsUpdate.log 2013-04-22 03:52 - 2008-04-25 05:25 - 00000275 ____A C:\Windows\wiadebug.log 2013-04-22 03:52 - 2008-04-25 05:25 - 00000050 ____A C:\Windows\wiaservc.log 2013-04-21 14:08 - 2011-01-04 10:48 - 00233788 ____A C:\Windows\System32\TmInstall.log 2013-04-21 14:07 - 2013-04-17 13:24 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini 2013-04-21 14:07 - 2008-04-25 12:16 - 00002206 ____A C:\Windows\System32\wpa.dbl 2013-04-21 14:06 - 2011-01-05 11:17 - 00000280 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3915953210-1411050872-365619372-1007.job 2013-04-21 14:06 - 2010-07-14 06:49 - 00000236 ____A C:\Windows\Tasks\OGALogon.job 2013-04-21 14:06 - 2008-11-19 11:45 - 00000062 __ASH C:\Documents and Settings\Anyone\Local Settings\desktop.ini 2013-04-21 14:00 - 2011-01-04 10:52 - 00000031 ____A C:\tmuninst.ini 2013-04-21 11:23 - 2013-04-21 10:32 - 00006208 ____A C:\Windows\setupapi.log 2013-04-21 08:24 - 2012-03-13 06:27 - 00000000 __SHD C:\Windows\CSC 2013-04-17 14:16 - 2008-11-19 11:45 - 00000278 __SHC C:\Documents and Settings\Anyone\ntuser.ini 2013-04-17 13:20 - 2011-01-05 11:17 - 00000288 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3915953210-1411050872-365619372-1007.job 2013-04-16 08:33 - 2009-01-05 12:31 - 00000000 ____D C:\Program Files\EasyCert 2013-04-16 03:26 - 2012-08-20 10:07 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2013-04-16 03:26 - 2012-08-20 10:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-04-15 11:09 - 2009-05-06 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM 2013-04-11 04:21 - 2008-04-25 05:21 - 00273376 ____A C:\Windows\System32\FNTCACHE.DAT 2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$ 2013-04-11 04:05 - 2010-07-14 06:52 - 00000000 ____D C:\Windows\ie8updates 2013-04-11 04:05 - 2008-10-20 13:29 - 
00000000 ___HD C:\Windows\$hf_mig$ 2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$ 2013-04-11 04:01 - 2008-10-25 09:30 - 70490256 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$ 2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$ 2013-04-04 09:50 - 2012-08-20 10:07 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-04-03 02:42 - 2008-04-25 05:22 - 00573294 ___AC C:\Windows\System32\PerfStringBackup.INI ==================== Known DLLs (ALL) ========================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points (XP) ===================== RP: -> 2013-04-14 05:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP999 RP: -> 2013-04-13 04:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP998 RP: -> 2013-04-12 04:06 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP997 RP: -> 2013-04-11 04:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP996 RP: -> 2013-04-10 09:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP995 RP: -> 2013-04-09 09:11 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP994 RP: -> 2013-04-08 07:21 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP993 RP: -> 2013-04-07 06:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP992 
RP: -> 2013-04-06 06:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP991 RP: -> 2013-04-05 04:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP990 RP: -> 2013-04-04 04:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP989 RP: -> 2013-04-03 02:58 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP988 RP: -> 2013-03-30 10:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP987 RP: -> 2013-03-29 10:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP986 RP: -> 2013-03-28 09:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP985 RP: -> 2013-03-27 08:32 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP984 RP: -> 2013-03-26 08:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP983 RP: -> 2013-03-25 07:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP982 RP: -> 2013-03-24 06:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP981 RP: -> 2013-03-23 05:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP980 RP: -> 2013-03-22 05:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP979 RP: -> 2013-03-21 11:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP978 RP: -> 2013-03-20 10:26 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP977 RP: -> 2013-03-19 09:50 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP976 RP: -> 2013-03-18 08:10 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP975 RP: -> 2013-03-17 06:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP974 RP: -> 2013-03-16 06:01 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP973 RP: -> 2013-03-15 05:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP972 RP: -> 2013-03-14 05:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP971 RP: -> 2013-03-13 17:54 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP970 RP: -> 2013-03-12 15:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP969 RP: -> 2013-03-11 
14:32 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP968 RP: -> 2013-03-10 13:13 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP967 RP: -> 2013-03-09 12:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP966 RP: -> 2013-03-08 11:37 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP965 RP: -> 2013-03-06 16:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP964 RP: -> 2013-03-05 15:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP963 RP: -> 2013-03-04 15:31 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP962 RP: -> 2013-03-03 12:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP961 RP: -> 2013-03-02 12:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP960 RP: -> 2013-03-01 11:48 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP959 RP: -> 2013-02-28 11:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP958 RP: -> 2013-02-27 10:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP957 RP: -> 2013-02-25 14:34 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP956 RP: -> 2013-02-24 14:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP955 RP: -> 2013-02-23 13:35 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP954 RP: -> 2013-02-22 13:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP953 RP: -> 2013-02-21 12:56 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP952 RP: -> 2013-02-20 11:31 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP951 RP: -> 2013-02-19 10:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP950 RP: -> 2013-02-18 09:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP949 RP: -> 2013-02-17 08:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP948 RP: -> 2013-02-16 06:03 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP947 RP: -> 2013-02-15 05:28 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP946 RP: -> 2013-02-14 05:00 - 032768 
_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP945 RP: -> 2013-02-13 15:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP944 RP: -> 2013-02-12 13:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP943 RP: -> 2013-02-11 09:50 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP942 RP: -> 2013-02-10 09:02 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP941 RP: -> 2013-02-09 08:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP940 RP: -> 2013-02-08 06:02 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP939 RP: -> 2013-02-07 05:06 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP938 RP: -> 2013-02-06 05:04 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP937 RP: -> 2013-02-05 04:15 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP936 RP: -> 2013-02-01 05:04 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP935 RP: -> 2013-01-31 04:48 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP934 RP: -> 2013-01-29 20:47 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP933 RP: -> 2013-01-28 19:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP932 RP: -> 2013-01-27 18:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP931 RP: -> 2013-01-26 17:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP930 RP: -> 2013-01-25 17:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP929 RP: -> 2013-01-24 16:46 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP928 RP: -> 2013-01-23 16:15 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP927 RP: -> 2013-01-22 15:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP926 RP: -> 2013-01-22 13:52 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP925 RP: -> 2013-04-17 08:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1002 RP: -> 2013-04-16 07:35 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1001 RP: -> 2013-04-15 06:59 - 032768 
_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1000 ==================== Memory info =========================== Percentage of memory in use: 13% Total physical RAM: 1982.36 MB Available physical RAM: 1712.07 MB Total Pagefile: 1813.46 MB Available Pagefile: 1742.18 MB Total Virtual: 2047.88 MB Available Virtual: 1993.54 MB ==================== Drives ================================ Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS Drive c: () (Fixed) (Total:148.93 GB) (Free:105.03 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (HITMANPRO) (Removable) (Total:14.88 GB) (Free:14.88 GB) FAT32 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 149 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 78 MB 32 KB Partition 2 Primary 149 GB 78 MB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 FAT Partition 78 MB Healthy ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 149 GB Healthy ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (MBR Code: Windows Vista) (Size: 149 GB) (Disk ID: A42D04A3) Partition 1: (Not Active) - (Size=78 MB) - (Type=DE) Partition 2: (Active) - (Size=149 GB) - (Type=07) (NTFS) ==================================================================== Disk: 1 (Size: 15 
GB) (Disk ID: 8E9D0B2D) Partition 1: (Active) - (Size=15 GB) - (Type=0B) ==================== End Of Log ============================ Malwarebytes Anti-Rootkit BETA 1.05.0.1001 www.malwarebytes.org Database version: v2013.04.23.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Anyone :: D6M2H04J [administrator] 23/04/2013 11:35:23 mbar-log-2013-04-23 (11-35-23).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 26805 Time elapsed: 40 minute(s), 33 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. Registry Values Detected: 1 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELLSERVICEOBJECTDELAYLOAD|CDBurn (Hijack.Trojan.Siredef.C) -> Data: {fbeb8a05-beee-4442-804e-409d6c4515e9} -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 6 c:\RECYCLER\S-1-5-18\$119979af83280cc350beea7c0a953dc3\U (Trojan.Siredef.C) -> Delete on reboot. c:\RECYCLER\S-1-5-21-3915953210-1411050872-365619372-1007\$119979af83280cc350beea7c0a953dc3\U (Trojan.Siredef.C) -> Delete on reboot. c:\RECYCLER\S-1-5-18\$119979af83280cc350beea7c0a953dc3\L (Trojan.Siredef.C) -> Delete on reboot. c:\RECYCLER\S-1-5-21-3915953210-1411050872-365619372-1007\$119979af83280cc350beea7c0a953dc3\L (Trojan.Siredef.C) -> Delete on reboot. c:\RECYCLER\S-1-5-18\$119979af83280cc350beea7c0a953dc3 (Trojan.Siredef.C) -> Delete on reboot. c:\RECYCLER\S-1-5-21-3915953210-1411050872-365619372-1007\$119979af83280cc350beea7c0a953dc3 (Trojan.Siredef.C) -> Delete on reboot. Files Detected: 1 c:\Documents and Settings\Anyone\Local Settings\Temp\clljqg (Spyware.Zbot.USBV) -> Delete on reboot. 
(end)

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.23.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Anyone :: D6M2H04J [administrator]

23/04/2013 12:18:13
mbar-log-2013-04-23 (12-18-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26782
Time elapsed: 35 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_26

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.705000 GHz
Memory total: 2078650368, free: 1323065344

------------ Kernel report ------------
04/23/2013 10:53:53
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a8f09c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Scsi\nvgts1Port0Path0Target0Lun0\
Lower Device Object: 0xffffffff8a844030
Lower Device Driver Name: \Driver\nvgts\
Driver name found: nvgts
Initialization returned 0x0
Port sub-driver loaded: \??\C:\WINDOWS\system32\drivers\scsiport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.04.23.02
Downloaded database version: v2013.04.22.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a8f09c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a8f0798, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a8f09c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a8c4720, DeviceName: \Device\0000006a\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a844030, DeviceName: \Device\Scsi\nvgts1Port0Path0Target0Lun0\, DriverName: \Driver\nvgts\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe16905c0, 0xffffffff8a8f09c0, 0xffffffff89c8f040
Lower DeviceData: 0xffffffffe188cb80, 0xffffffff8a844030, 0xffffffff89c16c98
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\SISAGP.SYS" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sparrow.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sr.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\symc810.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\symc8xx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sym_hi.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\sym_u3.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\toside.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ultra.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1) Read 
File: File "C:\WINDOWS\system32\drivers\usbscan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbuhci.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\VIAAGP.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\viaide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipinip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\isapnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A42D04A3
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 160587
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 160650 Numsec = 312335730
Partition file system is NTFS
Partition is bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 160000000000 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-312480000-312500000)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\Administrator\Application Data\desktop.ini" is compressed (flags = 1)
Read Fil [/QUOTE]