infected with ZeroAccess rootkit


  • This topic is locked
19 replies to this topic

#1 vash2275

vash2275

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 22 July 2013 - 01:33 PM

I am having problems connecting to the internet outside of safe mode. It started after I uninstalled a VPN I was using, and when I restarted the computer I could not connect to the internet. I assumed it was a driver problem, but then I decided to boot into safe mode to see if that would let me connect to the internet, and it does. Came here, ran a bunch of programs, and was informed I am infected with the ZeroAccess rootkit. Thanks for the help.

 

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by r at 13:43:22 on 2013-07-22
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.446.105 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\IoCtlSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - <orphaned>
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AA2DEFF2-AD0F-4D8E-86C9-794C108C03C5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DA394622-918C-40A2-8C2E-25A058DCAC8E} : DHCPNameServer = 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\r\application data\mozilla\firefox\profiles\fhim4lhq.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin1017325.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-07-02 14:44; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\documents and settings\r\application data\mozilla\firefox\profiles\fhim4lhq.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2013-6-7 28256]
R3 jakndisMP;jakndisMP;c:\windows\system32\drivers\jakndis.sys [2012-5-31 30016]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\drivers\Neo_0022.sys [2013-7-18 25824]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2012-7-15 26112]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 avgtdi;Hcmon;c:\windows\system32\svchost.exe -k netsvcs [2005-11-4 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 OpenVPNAccessClient;OpenVPN Access Client;"c:\program files\openvpn technologies\privatetunnel\core\capiws.exe" --> c:\program files\openvpn technologies\privatetunnel\core\capiws.exe [?]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2013-6-7 28256]
S3 jakndis;Jaksta Service;c:\windows\system32\drivers\jakndis.sys [2012-5-31 30016]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-6-3 271792]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-07-21 21:40:18    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-07-18 17:48:23    25824    ----a-w-    c:\windows\system32\drivers\Neo_0022.sys
2013-07-18 17:47:39    133688    ----a-w-    c:\windows\system32\vpncmd.exe
2013-07-18 17:47:03    --------    d-----w-    c:\program files\SoftEther VPN Client
2013-07-18 17:00:42    --------    d-----w-    c:\documents and settings\r\application data\PrivateTunnel
2013-07-18 16:59:44    --------    d-----w-    c:\program files\OpenVPN Technologies
2013-07-09 16:58:35    7068072    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{945f4a0e-7ec2-4092-8a62-1613d6515fa1}\mpengine.dll
2013-07-03 16:35:45    7068072    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2013-07-21 19:42:18    156672    ----a-w-    c:\windows\system32\rmc_fixasf.exe
2013-07-21 19:42:17    237568    ----a-w-    c:\windows\system32\rmc_rtspdl.dll
2013-07-21 19:03:40    323584    ----a-w-    c:\windows\system32\AUDIOGENIE2.DLL
2013-04-29 00:25:56    691592    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-04-29 00:25:55    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:46:28.46 ===============
 

Edited by vash2275, 22 July 2013 - 01:34 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:42 AM

Posted 24 July 2013 - 10:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
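
An added example, not part of the original post and not Kaspersky's code: a small Python triage script for a TDSSKiller log in the layout posted in this topic, which pairs each service's hash/path line with its verdict and lists only the entries that were not `ok`. The sample log is constructed (placeholder names, hashes and paths), and the function names `parse_log` and `triage` are assumptions made for this illustration.

```python
import re

# Constructed sample in the layout of the TDSSKiller log in this topic:
# "<time> <thread id>  <message>". Names, hashes and paths are placeholders.
SAMPLE_LOG = r"""
16:53:21.0484 2480  Scan started
16:53:21.0484 2480  Mode: Manual; SigCheck; TDLFS;
16:53:25.0390 2480  ================ Scan services =============================
16:53:25.0625 2480  Abiosdsk - ok
16:53:27.0890 2480  [ 00000000000000000000000000000001 ] ExampleSvc      C:\WINDOWS\system32\example.exe
16:53:27.0906 2480  ExampleSvc ( UnsignedFile.Multi.Generic ) - warning
16:53:27.0906 2480  ExampleSvc - detected UnsignedFile.Multi.Generic (1)
16:53:27.0968 2480  [ 00000000000000000000000000000002 ] aec             C:\WINDOWS\system32\drivers\aec.sys
16:53:28.0140 2480  aec - ok
16:53:29.0203 2480  [ 00000000000000000000000000000003 ] Example Two Words C:\Program Files\Example\svc.exe
16:53:29.0234 2480  Example Two Words - ok
"""

# Timestamp, thread id, then an optional message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(.*))?$")
# "[ MD5 ] name path": the name may contain spaces, the path starts at "X:\".
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "name ( Detection.Name ) - status"
FLAGGED = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
# "name - status"
PLAIN = re.compile(r"^(.+?) - (\w+)$")


def _entry(objects, name):
    """Return the record for a scanned object, creating it on first sight."""
    return objects.setdefault(
        name, {"name": name, "md5": None, "path": None,
               "status": None, "detection": None})


def parse_log(text):
    """Parse a TDSSKiller log into {object name: record}."""
    objects = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m or not m.group(1):
            continue                      # blank or non-log line
        msg = m.group(1).strip()
        if msg.startswith("="):
            continue                      # section separator
        h = HASHED.match(msg)
        if h:
            md5, name, path = h.groups()
            _entry(objects, name).update(md5=md5.upper(), path=path)
            continue
        f = FLAGGED.match(msg)
        if f:
            name, detection, status = f.groups()
            _entry(objects, name).update(detection=detection,
                                         status=status.lower())
            continue
        if " - detected " in msg:
            continue                      # repeats the flagged line above
        p = PLAIN.match(msg)
        if p:
            _entry(objects, p.group(1))["status"] = p.group(2).lower()
    return objects


def triage(objects):
    """Return the records that need a human look, with a short note each."""
    flagged = []
    for rec in objects.values():
        if rec["status"] == "ok":
            continue
        note = dict(rec)
        if (rec["detection"] or "").startswith("UnsignedFile"):
            # Matches the instructions above: signature failures stay on Skip.
            note["advice"] = "failed signature check: leave on Skip, review manually"
        else:
            note["advice"] = "non-ok verdict: review before choosing an action"
        flagged.append(note)
    return sorted(flagged, key=lambda r: r["name"].lower())


if __name__ == "__main__":
    for rec in triage(parse_log(SAMPLE_LOG)):
        print(rec["name"], rec["detection"], rec["path"], rec["advice"], sep=" | ")
```
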

#3 vash2275

vash2275
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 25 July 2013 - 04:58 PM

Here are both the logs and the MBR zipped file you asked for. Thank you again for your help.


16:53:03.0140 2828  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:53:03.0328 2828  ============================================================
16:53:03.0328 2828  Current date / time: 2013/07/25 16:53:03.0328
16:53:03.0328 2828  SystemInfo:
16:53:03.0328 2828  
16:53:03.0328 2828  OS Version: 5.1.2600 ServicePack: 3.0
16:53:03.0328 2828  Product type: Workstation
16:53:03.0328 2828  ComputerName: CHRISTY
16:53:03.0328 2828  UserName: r
16:53:03.0328 2828  Windows directory: C:\WINDOWS
16:53:03.0328 2828  System windows directory: C:\WINDOWS
16:53:03.0328 2828  Processor architecture: Intel x86
16:53:03.0328 2828  Number of processors: 1
16:53:03.0328 2828  Page size: 0x1000
16:53:03.0328 2828  Boot type: Normal boot
16:53:03.0328 2828  ============================================================
16:53:06.0953 2828  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x28616, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF, Type 'K0', Flags 0x00000054
16:53:06.0968 2828  ============================================================
16:53:06.0968 2828  \Device\Harddisk0\DR0:
16:53:06.0968 2828  MBR partitions:
16:53:06.0968 2828  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9491ED7
16:53:06.0968 2828  ============================================================
16:53:07.0062 2828  C: <-> \Device\Harddisk0\DR0\Partition1
16:53:07.0593 2828  ============================================================
16:53:07.0593 2828  Initialize success
16:53:07.0593 2828  ============================================================
16:53:21.0484 2480  ============================================================
16:53:21.0484 2480  Scan started
16:53:21.0484 2480  Mode: Manual; SigCheck; TDLFS;
16:53:21.0484 2480  ============================================================
16:53:21.0765 2480  ================ Scan system memory ========================
16:53:25.0390 2480  System memory - ok
16:53:25.0390 2480  ================ Scan services =============================
16:53:25.0625 2480  Abiosdsk - ok
16:53:25.0640 2480  abp480n5 - ok
16:53:25.0703 2480  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:53:27.0578 2480  ACPI - ok
16:53:27.0625 2480  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:53:27.0828 2480  ACPIEC - ok
16:53:27.0890 2480  [ 4B3D99792BE5BFA9296F4C3F0B7157D3 ] ACS             C:\WINDOWS\system32\acs.exe
16:53:27.0906 2480  ACS ( UnsignedFile.Multi.Generic ) - warning
16:53:27.0906 2480  ACS - detected UnsignedFile.Multi.Generic (1)
16:53:27.0921 2480  adpu160m - ok
16:53:27.0968 2480  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
16:53:28.0140 2480  aec - ok
16:53:28.0156 2480  [ 2C5C22990156A1063E19AD162191DC1D ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:53:28.0203 2480  AegisP ( UnsignedFile.Multi.Generic ) - warning
16:53:28.0203 2480  AegisP - detected UnsignedFile.Multi.Generic (1)
16:53:28.0234 2480  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
16:53:28.0296 2480  AFD - ok
16:53:28.0390 2480  [ B3192376C7A3814B5341EFC2202022F8 ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:53:28.0578 2480  AgereSoftModem - ok
16:53:28.0593 2480  Aha154x - ok
16:53:28.0609 2480  aic78u2 - ok
16:53:28.0625 2480  aic78xx - ok
16:53:28.0671 2480  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
16:53:28.0843 2480  Alerter - ok
16:53:28.0875 2480  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
16:53:29.0046 2480  ALG - ok
16:53:29.0062 2480  AliIde - ok
16:53:29.0078 2480  amsint - ok
16:53:29.0203 2480  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:53:29.0234 2480  Apple Mobile Device - ok
16:53:29.0312 2480  [ 69370F2E2827FFBA910D0BFA9E62E484 ] appliand        C:\WINDOWS\system32\DRIVERS\appliand.sys
16:53:29.0453 2480  appliand - ok
16:53:29.0468 2480  [ 69370F2E2827FFBA910D0BFA9E62E484 ] appliandMP      C:\WINDOWS\system32\DRIVERS\appliand.sys
16:53:29.0484 2480  appliandMP - ok
16:53:29.0500 2480  AppMgmt - ok
16:53:29.0546 2480  [ F0A8370D570428E83D78593E9DFB2E5A ] AR5211          C:\WINDOWS\system32\DRIVERS\ar5211.sys
16:53:29.0656 2480  AR5211 - ok
16:53:29.0671 2480  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:53:29.0859 2480  Arp1394 - ok
16:53:29.0859 2480  asc - ok
16:53:29.0875 2480  asc3350p - ok
16:53:29.0890 2480  asc3550 - ok
16:53:30.0031 2480  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:53:30.0078 2480  aspnet_state - ok
16:53:30.0109 2480  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:53:30.0312 2480  AsyncMac - ok
16:53:30.0343 2480  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
16:53:30.0500 2480  atapi - ok
16:53:30.0531 2480  Atdisk - ok
16:53:30.0578 2480  [ ABC57A6F6070BAF9786C318F59F29F0B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
16:53:30.0703 2480  Ati HotKey Poller - ok
16:53:30.0796 2480  [ 03621F7F968FF63713943405DEB777F9 ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:53:30.0906 2480  ati2mtag - ok
16:53:30.0937 2480  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:53:31.0109 2480  Atmarpc - ok
16:53:31.0187 2480  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
16:53:31.0343 2480  AudioSrv - ok
16:53:31.0359 2480  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
16:53:31.0546 2480  audstub - ok
16:53:31.0562 2480  avgtdi - ok
16:53:31.0593 2480  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
16:53:31.0796 2480  Beep - ok
16:53:31.0890 2480  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
16:53:32.0125 2480  BITS - ok
16:53:32.0218 2480  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:53:32.0265 2480  Bonjour Service - ok
16:53:32.0312 2480  [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser         C:\WINDOWS\System32\browser.dll
16:53:32.0515 2480  Browser - ok
16:53:32.0515 2480  BVRPMPR5 - ok
16:53:32.0531 2480  bwsvc - ok
16:53:32.0593 2480  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
16:53:32.0812 2480  cbidf2k - ok
16:53:32.0812 2480  cd20xrnt - ok
16:53:32.0843 2480  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
16:53:33.0046 2480  Cdaudio - ok
16:53:33.0093 2480  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
16:53:33.0250 2480  Cdfs - ok
16:53:33.0296 2480  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:53:33.0484 2480  Cdrom - ok
16:53:33.0562 2480  [ 3CB0CC8879956C187E87E18634EE5164 ] CFSvcs          C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
16:53:33.0578 2480  CFSvcs ( UnsignedFile.Multi.Generic ) - warning
16:53:33.0578 2480  CFSvcs - detected UnsignedFile.Multi.Generic (1)
16:53:33.0593 2480  Changer - ok
16:53:33.0625 2480  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
16:53:33.0812 2480  CiSvc - ok
16:53:33.0843 2480  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
16:53:34.0015 2480  ClipSrv - ok
16:53:34.0078 2480  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:53:34.0296 2480  clr_optimization_v2.0.50727_32 - ok
16:53:34.0328 2480  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:53:34.0484 2480  clr_optimization_v4.0.30319_32 - ok
16:53:34.0515 2480  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:53:34.0671 2480  CmBatt - ok
16:53:34.0687 2480  CmdIde - ok
16:53:34.0734 2480  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:53:34.0906 2480  Compbatt - ok
16:53:34.0906 2480  COMSysApp - ok
16:53:34.0937 2480  Cpqarray - ok
16:53:34.0968 2480  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
16:53:35.0140 2480  CryptSvc - ok
16:53:35.0296 2480  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:53:35.0390 2480  cvhsvc - ok
16:53:35.0390 2480  dac2w2k - ok
16:53:35.0406 2480  dac960nt - ok
16:53:35.0468 2480  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
16:53:35.0578 2480  DcomLaunch - ok
16:53:35.0609 2480  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
16:53:35.0781 2480  Dhcp - ok
16:53:35.0843 2480  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
16:53:36.0015 2480  Disk - ok
16:53:36.0015 2480  dmadmin - ok
16:53:36.0109 2480  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
16:53:36.0375 2480  dmboot - ok
16:53:36.0406 2480  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
16:53:36.0578 2480  dmio - ok
16:53:36.0625 2480  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
16:53:36.0812 2480  dmload - ok
16:53:36.0859 2480  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
16:53:37.0000 2480  dmserver - ok
16:53:37.0031 2480  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
16:53:37.0203 2480  DMusic - ok
16:53:37.0250 2480  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
16:53:37.0359 2480  Dnscache - ok
16:53:37.0406 2480  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
16:53:37.0562 2480  Dot3svc - ok
16:53:37.0578 2480  dpti2o - ok
16:53:37.0625 2480  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
16:53:37.0796 2480  drmkaud - ok
16:53:37.0875 2480  [ C9FFBD6B8EDC46CD3D13E3C6DB914FB7 ] DVD-RAM_Service C:\WINDOWS\system32\DVDRAMSV.exe
16:53:37.0875 2480  DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - warning
16:53:37.0875 2480  DVD-RAM_Service - detected UnsignedFile.Multi.Generic (1)
16:53:37.0937 2480  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
16:53:38.0140 2480  EapHost - ok
16:53:38.0187 2480  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
16:53:38.0343 2480  ERSvc - ok
16:53:38.0359 2480  eskerlicensecontrol - ok
16:53:38.0406 2480  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
16:53:38.0437 2480  Eventlog - ok
16:53:38.0468 2480  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
16:53:38.0531 2480  EventSystem - ok
16:53:38.0546 2480  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
16:53:38.0718 2480  Fastfat - ok
16:53:38.0765 2480  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:53:38.0828 2480  FastUserSwitchingCompatibility - ok
16:53:38.0859 2480  [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax             C:\WINDOWS\system32\fxssvc.exe
16:53:39.0046 2480  Fax - ok
16:53:39.0078 2480  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
16:53:39.0234 2480  Fdc - ok
16:53:39.0265 2480  filemon701 - ok
16:53:39.0296 2480  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
16:53:39.0437 2480  Fips - ok
16:53:39.0468 2480  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
16:53:39.0625 2480  Flpydisk - ok
16:53:39.0656 2480  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
16:53:39.0812 2480  FltMgr - ok
16:53:39.0890 2480  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:53:39.0921 2480  FontCache3.0.0.0 - ok
16:53:39.0968 2480  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:53:40.0125 2480  Fs_Rec - ok
16:53:40.0140 2480  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:53:40.0343 2480  Ftdisk - ok
16:53:40.0390 2480  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:53:40.0390 2480  GEARAspiWDM - ok
16:53:40.0421 2480  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:53:40.0562 2480  Gpc - ok
16:53:40.0609 2480  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:53:40.0781 2480  HDAudBus - ok
16:53:40.0875 2480  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:53:41.0031 2480  helpsvc - ok
16:53:41.0078 2480  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
16:53:41.0250 2480  HidServ - ok
16:53:41.0281 2480  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:53:41.0437 2480  HidUsb - ok
16:53:41.0468 2480  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
16:53:41.0609 2480  hkmsvc - ok
16:53:41.0625 2480  hpn - ok
16:53:41.0671 2480  [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:53:41.0765 2480  HPZid412 - ok
16:53:41.0828 2480  [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:53:41.0859 2480  HPZipr12 - ok
16:53:41.0890 2480  [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:53:41.0953 2480  HPZius12 - ok
16:53:42.0031 2480  [ 6361F419C1DFD5141702A90D93DBF569 ] HssDrv          C:\WINDOWS\system32\DRIVERS\HssDrv.sys
16:53:42.0046 2480  HssDrv - ok
16:53:42.0093 2480  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
16:53:42.0203 2480  HTTP - ok
16:53:42.0265 2480  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
16:53:42.0406 2480  HTTPFilter - ok
16:53:42.0421 2480  i2omgmt - ok
16:53:42.0437 2480  i2omp - ok
16:53:42.0453 2480  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:53:42.0609 2480  i8042prt - ok
16:53:42.0625 2480  iAimTV6 - ok
16:53:42.0718 2480  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:53:42.0781 2480  idsvc - ok
16:53:42.0859 2480  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
16:53:43.0031 2480  Imapi - ok
16:53:43.0093 2480  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
16:53:43.0234 2480  ImapiService - ok
16:53:43.0250 2480  ini910u - ok
16:53:43.0484 2480  [ 1A5B97B5BFFDE5742F4209F734C4FAF0 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:53:43.0937 2480  IntcAzAudAddService - ok
16:53:43.0953 2480  IntelIde - ok
16:53:44.0031 2480  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:53:44.0218 2480  intelppm - ok
16:53:44.0359 2480  [ 1A263BD87C082FA7AB38093014C8FC79 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
16:53:44.0359 2480  IntuitUpdateService - ok
16:53:44.0390 2480  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
16:53:44.0531 2480  Ip6Fw - ok
16:53:44.0609 2480  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:53:44.0781 2480  IpFilterDriver - ok
16:53:44.0859 2480  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:53:45.0015 2480  IpInIp - ok
16:53:45.0046 2480  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:53:45.0218 2480  IpNat - ok
16:53:45.0343 2480  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:53:45.0375 2480  iPod Service - ok
16:53:45.0453 2480  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:53:45.0656 2480  IPSec - ok
16:53:45.0687 2480  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
16:53:45.0843 2480  IRENUM - ok
16:53:45.0921 2480  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:53:46.0078 2480  isapnp - ok
16:53:46.0093 2480  itchfltr - ok
16:53:46.0187 2480  [ 49B94EA1D51CE04570A565E49AEAC138 ] jakndis         C:\WINDOWS\system32\DRIVERS\jakndis.sys
16:53:46.0234 2480  jakndis - ok
16:53:46.0250 2480  [ 49B94EA1D51CE04570A565E49AEAC138 ] jakndisMP       C:\WINDOWS\system32\DRIVERS\jakndis.sys
16:53:46.0281 2480  jakndisMP - ok
16:53:46.0375 2480  [ 0A5709543986843D37A92290B7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
16:53:46.0390 2480  JavaQuickStarterService - ok
16:53:46.0421 2480  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:53:46.0578 2480  Kbdclass - ok
16:53:46.0609 2480  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:53:46.0750 2480  kbdhid - ok
16:53:46.0796 2480  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
16:53:46.0953 2480  kmixer - ok
16:53:46.0968 2480  [ 00C1EA8DECF810B8ECCB5C5A8186A96E ] KR10N           C:\WINDOWS\system32\drivers\KR10N.sys
16:53:47.0046 2480  KR10N - ok
16:53:47.0125 2480  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
16:53:47.0328 2480  KSecDD - ok
16:53:47.0375 2480  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
16:53:47.0421 2480  lanmanserver - ok
16:53:47.0468 2480  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:53:47.0531 2480  lanmanworkstation - ok
16:53:47.0546 2480  lbrtfdc - ok
16:53:47.0609 2480  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
16:53:47.0781 2480  LmHosts - ok
16:53:47.0890 2480  [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService   C:\Program Files\Common Files\Motive\McciCMService.exe
16:53:47.0953 2480  McciCMService ( UnsignedFile.Multi.Generic ) - warning
16:53:47.0953 2480  McciCMService - detected UnsignedFile.Multi.Generic (1)
16:53:48.0000 2480  [ 7EFAC183A25B30FB5D64CC9D484B1EB6 ] meiudf          C:\WINDOWS\system32\Drivers\meiudf.sys
16:53:48.0125 2480  meiudf ( UnsignedFile.Multi.Generic ) - warning
16:53:48.0125 2480  meiudf - detected UnsignedFile.Multi.Generic (1)
16:53:48.0187 2480  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
16:53:48.0328 2480  Messenger - ok
16:53:48.0375 2480  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
16:53:48.0546 2480  mnmdd - ok
16:53:48.0578 2480  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
16:53:48.0750 2480  mnmsrvc - ok
16:53:48.0781 2480  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
16:53:48.0937 2480  Modem - ok
16:53:48.0968 2480  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:53:49.0125 2480  Mouclass - ok
16:53:49.0187 2480  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:53:49.0359 2480  mouhid - ok
16:53:49.0421 2480  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
16:53:49.0546 2480  MountMgr - ok
16:53:49.0593 2480  [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
16:53:49.0609 2480  MpFilter - ok
16:53:49.0828 2480  [ A69630D039C38018689190234F866D77 ] MpKslde7401a9   c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A378E5C3-AAB7-4703-815D-D1898CF7A7C7}\MpKslde7401a9.sys
16:53:49.0875 2480  MpKslde7401a9 - ok
16:53:49.0875 2480  mraid35x - ok
16:53:49.0953 2480  [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
16:53:49.0968 2480  MREMP50 ( UnsignedFile.Multi.Generic ) - warning
16:53:49.0968 2480  MREMP50 - detected UnsignedFile.Multi.Generic (1)
16:53:49.0984 2480  MREMP50a64 - ok
16:53:50.0000 2480  MREMPR5 - ok
16:53:50.0000 2480  MRENDIS5 - ok
16:53:50.0015 2480  [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
16:53:50.0062 2480  MRESP50 ( UnsignedFile.Multi.Generic ) - warning
16:53:50.0062 2480  MRESP50 - detected UnsignedFile.Multi.Generic (1)
16:53:50.0078 2480  MRESP50a64 - ok
16:53:50.0093 2480  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:53:50.0265 2480  MRxDAV - ok
16:53:50.0312 2480  [ FB2FCCC70F7174C7BF64F48E96D3ADF4 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:53:50.0437 2480  MRxSmb - ok
16:53:50.0484 2480  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
16:53:50.0625 2480  MSDTC - ok
16:53:50.0656 2480  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
16:53:50.0812 2480  Msfs - ok
16:53:50.0828 2480  MSIServer - ok
16:53:50.0859 2480  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:53:51.0000 2480  MSKSSRV - ok
16:53:51.0078 2480  [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:53:51.0093 2480  MsMpSvc - ok
16:53:51.0109 2480  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:53:51.0250 2480  MSPCLOCK - ok
16:53:51.0296 2480  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
16:53:51.0484 2480  MSPQM - ok
16:53:51.0531 2480  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:53:51.0656 2480  mssmbios - ok
16:53:51.0703 2480  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
16:53:51.0843 2480  Mup - ok
16:53:51.0968 2480  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
16:53:52.0125 2480  napagent - ok
16:53:52.0187 2480  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
16:53:52.0343 2480  NDIS - ok
16:53:52.0375 2480  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:53:52.0406 2480  NdisTapi - ok
16:53:52.0437 2480  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:53:52.0593 2480  Ndisuio - ok
16:53:52.0609 2480  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:53:52.0781 2480  NdisWan - ok
16:53:52.0843 2480  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
16:53:52.0921 2480  NDProxy - ok
16:53:53.0031 2480  [ A76C81E4FDFFAF7A69DC19FBA643C963 ] Neo_VPN         C:\WINDOWS\system32\DRIVERS\Neo_0022.sys
16:53:53.0140 2480  Neo_VPN - ok
16:53:53.0187 2480  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
16:53:53.0203 2480  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:53:53.0203 2480  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:53:53.0250 2480  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
16:53:53.0390 2480  NetBIOS - ok
16:53:53.0421 2480  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
16:53:53.0578 2480  NetBT - ok
16:53:53.0625 2480  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
16:53:53.0812 2480  NetDDE - ok
16:53:53.0828 2480  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
16:53:53.0968 2480  NetDDEdsdm - ok
16:53:54.0000 2480  [ 1265EB253ED4EBE4ACB3BD5F548FF796 ] Netdevio        C:\WINDOWS\system32\DRIVERS\netdevio.sys
16:53:54.0031 2480  Netdevio ( UnsignedFile.Multi.Generic ) - warning
16:53:54.0031 2480  Netdevio - detected UnsignedFile.Multi.Generic (1)
16:53:54.0062 2480  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
16:53:54.0218 2480  Netlogon - ok
16:53:54.0265 2480  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
16:53:54.0406 2480  Netman - ok
16:53:54.0437 2480  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:53:54.0546 2480  NetTcpPortSharing - ok
16:53:54.0593 2480  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
16:53:54.0750 2480  NIC1394 - ok
16:53:54.0765 2480  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
16:53:54.0812 2480  Nla - ok
16:53:54.0875 2480  [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF             C:\WINDOWS\system32\drivers\npf.sys
16:53:54.0921 2480  NPF - ok
16:53:54.0953 2480  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
16:53:55.0156 2480  Npfs - ok
16:53:55.0203 2480  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
16:53:55.0406 2480  Ntfs - ok
16:53:55.0437 2480  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
16:53:55.0593 2480  NtLmSsp - ok
16:53:55.0640 2480  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
16:53:55.0859 2480  NtmsSvc - ok
16:53:55.0906 2480  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
16:53:56.0078 2480  Null - ok
16:53:56.0093 2480  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:53:56.0296 2480  NwlnkFlt - ok
16:53:56.0296 2480  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:53:56.0500 2480  NwlnkFwd - ok
16:53:56.0593 2480  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:53:56.0625 2480  odserv - ok
16:53:56.0687 2480  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
16:53:56.0843 2480  ohci1394 - ok
16:53:56.0906 2480  OpenVPNAccessClient - ok
16:53:56.0968 2480  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:53:56.0984 2480  ose - ok
16:53:57.0312 2480  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:53:58.0062 2480  osppsvc - ok
16:53:58.0218 2480  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
16:53:58.0421 2480  Parport - ok
16:53:58.0453 2480  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
16:53:58.0593 2480  PartMgr - ok
16:53:58.0640 2480  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
16:53:58.0828 2480  ParVdm - ok
16:53:58.0859 2480  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
16:53:59.0015 2480  PCI - ok
16:53:59.0015 2480  PCIDump - ok
16:53:59.0046 2480  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
16:53:59.0250 2480  PCIIde - ok
16:53:59.0281 2480  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:53:59.0406 2480  Pcmcia - ok
16:53:59.0421 2480  PDCOMP - ok
16:53:59.0437 2480  PDFRAME - ok
16:53:59.0453 2480  PDRELI - ok
16:53:59.0468 2480  PDRFRAME - ok
16:53:59.0468 2480  perc2 - ok
16:53:59.0484 2480  perc2hib - ok
16:53:59.0546 2480  [ 6C1618A07B49E3873582B6449E744088 ] pfc             C:\WINDOWS\system32\drivers\pfc.sys
16:53:59.0656 2480  pfc ( UnsignedFile.Multi.Generic ) - warning
16:53:59.0656 2480  pfc - detected UnsignedFile.Multi.Generic (1)
16:53:59.0703 2480  [ D597E8D5C35CC41D76DE5DD6EDA2AFA1 ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoCtlSvc.exe
16:53:59.0703 2480  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
16:53:59.0703 2480  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
16:53:59.0734 2480  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
16:53:59.0750 2480  PlugPlay - ok
16:53:59.0812 2480  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
16:53:59.0843 2480  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:53:59.0843 2480  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:53:59.0843 2480  PolarUSB - ok
16:53:59.0890 2480  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
16:54:00.0015 2480  PolicyAgent - ok
16:54:00.0078 2480  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:54:00.0250 2480  PptpMiniport - ok
16:54:00.0265 2480  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
16:54:00.0406 2480  ProtectedStorage - ok
16:54:00.0468 2480  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
16:54:00.0656 2480  PSched - ok
16:54:00.0703 2480  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:54:00.0890 2480  Ptilink - ok
16:54:00.0937 2480  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:54:00.0953 2480  PxHelp20 - ok
16:54:00.0968 2480  ql1080 - ok
16:54:00.0968 2480  Ql10wnt - ok
16:54:00.0984 2480  ql12160 - ok
16:54:01.0000 2480  ql1240 - ok
16:54:01.0015 2480  ql1280 - ok
16:54:01.0046 2480  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:54:01.0250 2480  RasAcd - ok
16:54:01.0296 2480  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
16:54:01.0453 2480  RasAuto - ok
16:54:01.0484 2480  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:54:01.0640 2480  Rasl2tp - ok
16:54:01.0671 2480  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
16:54:01.0843 2480  RasMan - ok
16:54:01.0859 2480  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:54:02.0000 2480  RasPppoe - ok
16:54:02.0015 2480  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
16:54:02.0203 2480  Raspti - ok
16:54:02.0218 2480  raysatxsi5_0server - ok
16:54:02.0265 2480  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:54:02.0421 2480  Rdbss - ok
16:54:02.0453 2480  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:54:02.0656 2480  RDPCDD - ok
16:54:02.0703 2480  [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
16:54:02.0750 2480  RDPWD - ok
16:54:02.0812 2480  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
16:54:03.0015 2480  RDSessMgr - ok
16:54:03.0046 2480  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
16:54:03.0187 2480  redbook - ok
16:54:03.0265 2480  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
16:54:03.0406 2480  RemoteAccess - ok
16:54:03.0453 2480  [ B60F58F175DE20A6739194E85B035178 ] rpcapd          C:\Program Files\WinPcap\rpcapd.exe
16:54:03.0468 2480  rpcapd - ok
16:54:03.0500 2480  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
16:54:03.0656 2480  RpcLocator - ok
16:54:03.0687 2480  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
16:54:03.0718 2480  RpcSs - ok
16:54:03.0765 2480  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
16:54:03.0984 2480  RSVP - ok
16:54:04.0062 2480  [ 7F0413BDD7D53EB4C7A371E7F6F84DF1 ] RTL8023xp       C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
16:54:04.0171 2480  RTL8023xp - ok
16:54:04.0218 2480  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:54:04.0343 2480  rtl8139 - ok
16:54:04.0375 2480  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
16:54:04.0531 2480  SamSs - ok
16:54:04.0531 2480  SASDIFSV - ok
16:54:04.0546 2480  SASENUM - ok
16:54:04.0562 2480  SASKUTIL - ok
16:54:04.0609 2480  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
16:54:04.0765 2480  SCardSvr - ok
16:54:04.0843 2480  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
16:54:05.0000 2480  Schedule - ok
16:54:05.0046 2480  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:54:05.0187 2480  Secdrv - ok
16:54:05.0218 2480  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
16:54:05.0375 2480  seclogon - ok
16:54:05.0390 2480  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
16:54:05.0546 2480  SENS - ok
16:54:05.0859 2480  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
16:54:06.0015 2480  Serial - ok
16:54:06.0078 2480  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
16:54:06.0218 2480  Sfloppy - ok
16:54:06.0296 2480  [ 0692E5BF83B1F10102BA9BD240110B4E ] Sftfs           C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
16:54:06.0359 2480  Sftfs - ok
16:54:06.0468 2480  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
16:54:06.0500 2480  sftlist - ok
16:54:06.0562 2480  [ 07BEC1B450FD93DFCE7341D41D422AB1 ] Sftplay         C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
16:54:06.0593 2480  Sftplay - ok
16:54:06.0625 2480  [ 3E65185232697F2190BD618AD050034A ] Sftredir        C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
16:54:06.0640 2480  Sftredir - ok
16:54:06.0656 2480  [ F372506BC97F14A41FB81BBE3223906B ] Sftvol          C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
16:54:06.0671 2480  Sftvol - ok
16:54:06.0687 2480  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
16:54:06.0718 2480  sftvsa - ok
16:54:06.0765 2480  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
16:54:06.0937 2480  SharedAccess - ok
16:54:06.0968 2480  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
16:54:07.0000 2480  ShellHWDetection - ok
16:54:07.0015 2480  Simbad - ok
16:54:07.0031 2480  Sparrow - ok
16:54:07.0109 2480  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
16:54:07.0250 2480  splitter - ok
16:54:07.0312 2480  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
16:54:07.0375 2480  Spooler - ok
16:54:07.0406 2480  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
16:54:07.0562 2480  sr - ok
16:54:07.0609 2480  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
16:54:07.0781 2480  srservice - ok
16:54:07.0875 2480  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
16:54:07.0968 2480  Srv - ok
16:54:07.0984 2480  SrvcEKIOMngr - ok
16:54:08.0000 2480  sscdbus - ok
16:54:08.0015 2480  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
16:54:08.0156 2480  SSDPSRV - ok
16:54:08.0187 2480  Steam Client Service - ok
16:54:08.0218 2480  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
16:54:08.0406 2480  stisvc - ok
16:54:08.0453 2480  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
16:54:08.0593 2480  swenum - ok
16:54:08.0625 2480  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
16:54:08.0781 2480  swmidi - ok
16:54:08.0781 2480  SwPrv - ok
16:54:08.0890 2480  [ 486A64AABD88E4E174681E89E9736BC9 ] Swupdtmr        c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
16:54:08.0906 2480  Swupdtmr ( UnsignedFile.Multi.Generic ) - warning
16:54:08.0906 2480  Swupdtmr - detected UnsignedFile.Multi.Generic (1)
16:54:08.0921 2480  symc810 - ok
16:54:08.0937 2480  symc8xx - ok
16:54:08.0968 2480  [ 46AE80304322442CF5D971E63F138551 ] SymEvent        C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
16:54:08.0984 2480  SymEvent - ok
16:54:09.0031 2480  [ E5A4D3DA0E733DD8C77251C5EB0D8FEA ] SymIM           C:\WINDOWS\system32\DRIVERS\SymIM.sys
16:54:09.0062 2480  SymIM - ok
16:54:09.0078 2480  [ E5A4D3DA0E733DD8C77251C5EB0D8FEA ] SymIMMP         C:\WINDOWS\system32\DRIVERS\SymIM.sys
16:54:09.0093 2480  SymIMMP - ok
16:54:09.0109 2480  sym_hi - ok
16:54:09.0125 2480  sym_u3 - ok
16:54:09.0187 2480  [ F6770219B73BD989D5613D2E9C78A227 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:54:09.0250 2480  SynTP - ok
16:54:09.0281 2480  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
16:54:09.0437 2480  sysaudio - ok
16:54:09.0468 2480  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
16:54:09.0656 2480  SysmonLog - ok
16:54:09.0687 2480  [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss          C:\WINDOWS\system32\DRIVERS\taphss.sys
16:54:09.0703 2480  taphss - ok
16:54:09.0734 2480  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
16:54:09.0921 2480  TapiSrv - ok
16:54:09.0968 2480  [ 827C8058C284FF0013E4462EFE2591A3 ] tapoas          C:\WINDOWS\system32\DRIVERS\tapoas.sys
16:54:10.0093 2480  tapoas ( UnsignedFile.Multi.Generic ) - warning
16:54:10.0093 2480  tapoas - detected UnsignedFile.Multi.Generic (1)
16:54:10.0265 2480  [ 7001C83D3633FF16DEA9F7ADE1C0F309 ] TAPPSRV         C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
16:54:10.0296 2480  TAPPSRV ( UnsignedFile.Multi.Generic ) - warning
16:54:10.0296 2480  TAPPSRV - detected UnsignedFile.Multi.Generic (1)
16:54:10.0406 2480  [ 7147B0575BCC93A6AB7D5C90F47C0B9F ] tbiosdrv        C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
16:54:10.0515 2480  tbiosdrv - ok
16:54:10.0546 2480  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:54:10.0640 2480  Tcpip - ok
16:54:10.0703 2480  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
16:54:10.0859 2480  TDPIPE - ok
16:54:10.0890 2480  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
16:54:11.0031 2480  TDTCP - ok
16:54:11.0062 2480  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
16:54:11.0203 2480  TermDD - ok
16:54:11.0265 2480  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
16:54:11.0437 2480  TermService - ok
16:54:11.0468 2480  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
16:54:11.0484 2480  Themes - ok
16:54:11.0500 2480  TosIde - ok
16:54:11.0531 2480  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
16:54:11.0718 2480  TrkWks - ok
16:54:11.0781 2480  [ 676DB15DDF2E0FF6EC03068DEA428B8B ] TVALD           C:\WINDOWS\system32\DRIVERS\NBSMI.sys
16:54:11.0859 2480  TVALD ( UnsignedFile.Multi.Generic ) - warning
16:54:11.0859 2480  TVALD - detected UnsignedFile.Multi.Generic (1)
16:54:11.0890 2480  [ 12C836C7FE526D7B3239AF82E4083BE2 ] Tvs             C:\WINDOWS\system32\DRIVERS\Tvs.sys
16:54:11.0984 2480  Tvs ( UnsignedFile.Multi.Generic ) - warning
16:54:11.0984 2480  Tvs - detected UnsignedFile.Multi.Generic (1)
16:54:12.0015 2480  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
16:54:12.0171 2480  Udfs - ok
16:54:12.0218 2480  [ A4E07DA3AE2078BD96E84D4BAA07B71D ] ULCDRHlp        C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
16:54:12.0281 2480  ULCDRHlp ( UnsignedFile.Multi.Generic ) - warning
16:54:12.0281 2480  ULCDRHlp - detected UnsignedFile.Multi.Generic (1)
16:54:12.0328 2480  [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
16:54:12.0343 2480  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
16:54:12.0343 2480  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
16:54:12.0359 2480  ultra - ok
16:54:12.0390 2480  [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf           C:\WINDOWS\system32\wdfmgr.exe
16:54:12.0437 2480  UMWdf - ok
16:54:12.0484 2480  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
16:54:12.0656 2480  Update - ok
16:54:12.0703 2480  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
16:54:12.0859 2480  upnphost - ok
16:54:12.0890 2480  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
16:54:13.0031 2480  UPS - ok
16:54:13.0078 2480  [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
16:54:13.0296 2480  USBAAPL - ok
16:54:13.0328 2480  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:54:13.0484 2480  usbccgp - ok
16:54:13.0515 2480  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:54:13.0656 2480  usbehci - ok
16:54:13.0687 2480  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:54:13.0843 2480  usbhub - ok
16:54:13.0875 2480  [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci         C:\WINDOWS\system32\DRIVERS\usbohci.sys
16:54:14.0015 2480  usbohci - ok
16:54:14.0031 2480  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:54:14.0171 2480  usbprint - ok
16:54:14.0203 2480  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:54:14.0343 2480  usbscan - ok
16:54:14.0375 2480  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:54:14.0531 2480  USBSTOR - ok
16:54:14.0546 2480  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
16:54:14.0687 2480  VgaSave - ok
16:54:14.0703 2480  ViaIde - ok
16:54:14.0734 2480  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
16:54:14.0906 2480  VolSnap - ok
16:54:14.0968 2480  [ 971846A806E69F743050B3E393639344 ] vsdatant        C:\WINDOWS\system32\vsdatant.sys
16:54:15.0046 2480  vsdatant - ok
16:54:15.0109 2480  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
16:54:15.0265 2480  VSS - ok
16:54:15.0312 2480  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
16:54:15.0453 2480  W32Time - ok
16:54:15.0484 2480  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:54:15.0640 2480  Wanarp - ok
16:54:15.0687 2480  [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw          C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:54:15.0734 2480  wanatw - ok
16:54:15.0843 2480  [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:54:15.0875 2480  Wdf01000 - ok
16:54:15.0875 2480  WDICA - ok
16:54:15.0921 2480  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
16:54:16.0078 2480  wdmaud - ok
16:54:16.0109 2480  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
16:54:16.0265 2480  WebClient - ok
16:54:16.0343 2480  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
16:54:16.0500 2480  winmgmt - ok
16:54:16.0562 2480  [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
16:54:16.0609 2480  WmdmPmSN - ok
16:54:16.0656 2480  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:54:16.0812 2480  WmiApSrv - ok
16:54:16.0859 2480  [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb          C:\WINDOWS\system32\Drivers\wpdusb.sys
16:54:16.0921 2480  WpdUsb - ok
16:54:17.0015 2480  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:54:17.0093 2480  WPFFontCache_v0400 - ok
16:54:17.0156 2480  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:54:17.0375 2480  WS2IFSL - ok
16:54:17.0421 2480  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
16:54:17.0562 2480  wscsvc - ok
16:54:17.0593 2480  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
16:54:17.0750 2480  wuauserv - ok
16:54:17.0843 2480  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
16:54:17.0984 2480  WZCSVC - ok
16:54:18.0015 2480  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
16:54:18.0187 2480  xmlprov - ok
16:54:18.0234 2480  [ F5E5F944E63A9B5F6E76C2EBB2AC462F ] xusb21          C:\WINDOWS\system32\DRIVERS\xusb21.sys
16:54:18.0296 2480  xusb21 - ok
16:54:18.0312 2480  zppinger - ok
16:54:18.0343 2480  ================ Scan global ===============================
16:54:18.0390 2480  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:54:18.0453 2480  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:54:18.0468 2480  [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:54:18.0500 2480  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:54:18.0500 2480  [Global] - ok
16:54:18.0500 2480  ================ Scan MBR ==================================
16:54:18.0531 2480  [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
16:54:18.0750 2480  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:54:18.0750 2480  \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:54:18.0765 2480  ================ Scan VBR ==================================
16:54:18.0765 2480  [ 221198626C4D6B2D51EB7D43F412E257 ] \Device\Harddisk0\DR0\Partition1
16:54:18.0765 2480  \Device\Harddisk0\DR0\Partition1 - ok
16:54:18.0765 2480  ============================================================
16:54:18.0765 2480  Scan finished
16:54:18.0765 2480  ============================================================
16:54:18.0953 0248  Detected object count: 21
16:54:18.0953 0248  Actual detected object count: 21
16:54:42.0734 0248  ACS ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0734 0248  ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0734 0248  AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0734 0248  AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0734 0248  CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0734 0248  CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0734 0248  DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0734 0248  DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0750 0248  McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0750 0248  McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0750 0248  meiudf ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0750 0248  meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0750 0248  MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0750 0248  MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0750 0248  MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0750 0248  MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0750 0248  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0750 0248  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0750 0248  Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0750 0248  Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0765 0248  pfc ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0765 0248  pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0765 0248  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0765 0248  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0765 0248  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0765 0248  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0765 0248  Swupdtmr ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0765 0248  Swupdtmr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0765 0248  tapoas ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0765 0248  tapoas ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0765 0248  TAPPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0765 0248  TAPPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0765 0248  TVALD ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0765 0248  TVALD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0765 0248  Tvs ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0765 0248  Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0781 0248  ULCDRHlp ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0781 0248  ULCDRHlp ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0781 0248  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
16:54:42.0781 0248  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:54:42.0781 0248  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:54:42.0781 0248  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

 

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-25 17:38:26
-----------------------------
17:38:26.453    OS Version: Windows 5.1.2600 Service Pack 3
17:38:26.453    Number of processors: 1 586 0xD08
17:38:26.453    ComputerName: CHRISTY  UserName: r
17:38:34.093    Initialize success
17:38:42.875    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:38:42.890    Disk 0 Vendor: HTS541080G9SA00 MB4OC60D Size: 76319MB BusType: 3
17:38:43.031    Disk 0 MBR read successfully
17:38:43.031    Disk 0 MBR scan
17:38:43.031    Disk 0 Windows XP default MBR code
17:38:43.031    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76067 MB offset 63
17:38:43.062    Disk 0 Partition 2 00     88 Linux plaintext A Kárò'ó      251 MB offset 155787030
17:38:43.093    Disk 0 scanning sectors +156301110
17:38:43.125    Disk 0 scanning C:\WINDOWS\system32\drivers
17:38:52.375    Service scanning
17:38:59.937    Service MpKsl89c7022e c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A378E5C3-AAB7-4703-815D-D1898CF7A7C7}\MpKsl89c7022e.sys **LOCKED** 32
17:39:13.578    Modules scanning
17:39:23.656    Disk 0 trace - called modules:
17:39:23.671    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
17:39:24.000    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85355ab8]
17:39:24.000    3 CLASSPNP.SYS[f7630fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85356d98]
17:39:24.000    Scan finished successfully
17:39:38.656    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\r\Desktop\MBR.dat"
17:39:38.734    The log file has been saved successfully to "C:\Documents and Settings\r\Desktop\aswMBR.txt"

 

 

 

 

 


Edited by vash2275, 25 July 2013 - 05:00 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:42 AM

Posted 26 July 2013 - 07:51 AM

Rerun TDSS and change the option on these to Cure or Delete.

16:54:42.0781 0248 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:54:42.0781 0248 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Restart the computer normally,
===

Run the following scan.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#5 vash2275


Posted 26 July 2013 - 06:50 PM

Everything went fine except I could not get ComboFix to run at all. I left it running multiple times for 40 mins, in and out of safe mode, and it would not run. It would also disable the internet in safe mode. All the other programs ran fine. Thanks again for the help.

 

# AdwCleaner v2.306 - Logfile created 07/26/2013 at 14:47:11
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : r - CHRISTY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\r\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\CHRISTY\Application Data\Viewpoint

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

File : C:\Documents and Settings\r\Application Data\Mozilla\Firefox\Profiles\fhim4lhq.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1894 octets] - [26/07/2013 14:46:25]
AdwCleaner[S1].txt - [1851 octets] - [26/07/2013 14:47:11]

########## EOF - C:\AdwCleaner[S1].txt - [1911 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.3 (07.25.2013:1)
OS: Microsoft Windows XP x86
Ran by r on Fri 07/26/2013 at 14:54:47.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] hssdrv



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\system32\sho12.tmp
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"
Successfully deleted: [File] C:\Documents and Settings\r\Local Settings\Application Data\{9D8B1860-8081-11E1-826D-B8AC6F996F26}\chrome\content\browser.xul [Trojan:JS/Medfos.A]



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] C:\Documents and Settings\r\Local Settings\Application Data\{9D8B1860-8081-11E1-826D-B8AC6F996F26} [Trojan:JS/Medfos.A]



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\r\Application Data\mozilla\firefox\profiles\fhim4lhq.default\extensions\symhpnzdjm@symhpnzdjm.org.xpi [Tracur]
Emptied folder: C:\Documents and Settings\r\Application Data\mozilla\firefox\profiles\fhim4lhq.default\minidumps [59 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/26/2013 at 15:02:58.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 Results of screen317's Security Check version 0.99.71  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Microsoft Security Essentials    
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 SUPERAntiSpyware Free Edition   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java™ 6 Update 31  
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     11.7.700.169  
 Mozilla Firefox 15.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 WinPatrol winpatrol.exe
 BillP Studios WinPatrol winpatrol.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 34% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 



#6 nasdaq


Posted 27 July 2013 - 07:44 AM

Let's check for some ZeroAccess remnant items.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 31

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

This may take 1 or 2 hours. Execute it when you know you will not be using the computer.
Total Fragmentation on Drive C:: 34% Defragment your hard drive soon! (Do NOT defrag if SSD!)

#7 vash2275


Posted 27 July 2013 - 03:43 PM

here is the log for roguekiller

 

 

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : r [Admin rights]
Mode : Remove -- Date : 07/27/2013 12:34:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[SERVICE][HJNAME] HKLM\[...]\CCSet\[...]\Services : yukonwxp (C:\WINDOWS\\system32\svchost.exe -k netsvcs [7][x]) -> DELETED
[SERVICE][HJNAME] HKLM\[...]\CS001\[...]\Services : yukonwxp (C:\WINDOWS\\system32\svchost.exe -k netsvcs [7][x]) -> DELETED
[SERVICE][HJNAME] HKLM\[...]\CS003\[...]\Services : yukonwxp (C:\WINDOWS\\system32\svchost.exe -k netsvcs [7][x]) -> DELETED
[PROXY IE] HKLM\[...]\Internet Settings : ProxyServer (hxxp=localhost:7171) -> NOT REMOVED, USE PROXYFIX
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\WINDOWS\Installer\{42f79db7-7bcb-85a4-66ba-38652767ccdb}\U [-] --> DELETED
[ZeroAccess][Folder] U : C:\Documents and Settings\r\Local Settings\Application Data\{42f79db7-7bcb-85a4-66ba-38652767ccdb}\U [-] --> DELETED
[ZeroAccess][Folder] L : C:\WINDOWS\Installer\{42f79db7-7bcb-85a4-66ba-38652767ccdb}\L [-] --> DELETED
[ZeroAccess][Folder] L : C:\Documents and Settings\r\Local Settings\Application Data\{42f79db7-7bcb-85a4-66ba-38652767ccdb}\L [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\WINDOWS\Installer\{42f79db7-7bcb-85a4-66ba-38652767ccdb}\L\00000004.@ [-] --> DELETED
[ZeroAccess][File] 1afb2d56 : C:\WINDOWS\Installer\{42f79db7-7bcb-85a4-66ba-38652767ccdb}\L\1afb2d56 [-] --> DELETED
[ZeroAccess][File] 201d3dde : C:\WINDOWS\Installer\{42f79db7-7bcb-85a4-66ba-38652767ccdb}\L\201d3dde [-] --> DELETED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541080G9SA00 +++++
--- User ---
[MBR] 12af68b77141a8503584b3d2e848c044
[BSP] 8443b6859fbbb1f938175e37c14180a6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76067 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 155787030 | Size: 251 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_07272013_123432.txt >>
RKreport[0]_S_07272013_123309.txt
 



#8 nasdaq


Posted 28 July 2013 - 06:52 AM

Looking better.

Did you set this proxy setting?

hxxp=localhost:7171

How is the computer performing now?

#9 vash2275


Posted 28 July 2013 - 11:29 AM

Looking better.

Did you set this proxy setting?

hxxp=localhost:7171


How is the computer performing now?

 

 

 

 

 

no I did not set that proxy setting.

 

still can not access the internet except in safe mode.  the pc is running better though.


Edited by vash2275, 28 July 2013 - 11:31 AM.


#10 nasdaq


Posted 28 July 2013 - 01:13 PM

Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - Lan Settings and remove the reference to 127.0.0.1:7171 if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox, go to Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===

Open Internet Explorer Tools menu > Internet options > Advanced tab.
Click the RESET button to reset the IE settings.

Restart the computer normally.

How is it now?

#11 vash2275


Posted 28 July 2013 - 04:55 PM

None of the proxy settings were on when I checked, and the internet is still not working. Also, my hibernate button is gone. I believe the rootkit redownloaded something when I updated Adobe Reader in safe mode.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,476 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:42 AM

Posted 29 July 2013 - 06:58 AM

Run the RogueKiller tool one more time.
Submit the log.
===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List installed programs

  • Click Go and copy/paste the log (Result.txt) into your next post.

    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
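
One way to compare a RogueKiller rerun against the earlier report and list what is still present, as an added example (not code from this thread or from RogueKiller). The sample lines are copied from the two RogueKiller reports posted in this thread; the function names and the rule that only statuses starting with DELETED or REPLACED count as remediated are assumptions of this sketch.

```python
import re
from typing import NamedTuple

# Lines copied from the Remove-mode report of 07/27/2013 in this thread.
REPORT_REMOVE = r"""
[SERVICE][HJNAME] HKLM\[...]\CCSet\[...]\Services : yukonwxp (C:\WINDOWS\\system32\svchost.exe -k netsvcs [7][x]) -> DELETED
[SERVICE][HJNAME] HKLM\[...]\CS001\[...]\Services : yukonwxp (C:\WINDOWS\\system32\svchost.exe -k netsvcs [7][x]) -> DELETED
[SERVICE][HJNAME] HKLM\[...]\CS003\[...]\Services : yukonwxp (C:\WINDOWS\\system32\svchost.exe -k netsvcs [7][x]) -> DELETED
[PROXY IE] HKLM\[...]\Internet Settings : ProxyServer (hxxp=localhost:7171) -> NOT REMOVED, USE PROXYFIX
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[ZeroAccess][Folder] U : C:\WINDOWS\Installer\{42f79db7-7bcb-85a4-66ba-38652767ccdb}\U [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\WINDOWS\Installer\{42f79db7-7bcb-85a4-66ba-38652767ccdb}\L\00000004.@ [-] --> DELETED
"""

# Line copied from the Scan-mode rerun of 07/29/2013 in this thread.
REPORT_RESCAN = r"""
[PROXY IE] HKLM\[...]\Internet Settings : ProxyServer (hxxp=localhost:7171) -> FOUND
"""


class Entry(NamedTuple):
    tags: tuple   # e.g. ("SERVICE", "HJNAME") or ("PROXY IE",)
    item: str     # location, name and value exactly as the tool printed them
    status: str   # text after the arrow, e.g. "DELETED" or "FOUND"


# One finding: one or more [TAG] groups, the item, "->" or "-->", then a status.
# The greedy middle group makes the LAST arrow on the line the separator.
LINE_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.*)\s-{1,2}>\s+(.+?)\s*$")

# Assumption of this sketch: these prefixes mean the tool changed the item.
REMEDIATED_PREFIXES = ("DELETED", "REPLACED")

# Proxy value as printed in the report, e.g. "(hxxp=localhost:7171)".
PROXY_RE = re.compile(r"\((?:\w+=)?([^():\s]+):(\d+)\)")
LOOPBACK_HOSTS = {"localhost", "127.0.0.1"}


def parse_report(text):
    """Return an Entry for every finding line; headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            tags = tuple(re.findall(r"\[([^\]]+)\]", m.group(1)))
            entries.append(Entry(tags, m.group(2).strip(), m.group(3)))
    return entries


def unresolved(entries):
    """Findings the tool reported but did not delete or replace."""
    return [e for e in entries if not e.status.startswith(REMEDIATED_PREFIXES)]


def persisting(before, after):
    """Findings left in place by the earlier run that the later run still reports."""
    left_behind = {(e.tags, e.item) for e in unresolved(before)}
    return [e for e in unresolved(after) if (e.tags, e.item) in left_behind]


def loopback_proxies(entries):
    """(host, port) for proxy findings that point back at the local machine."""
    hits = []
    for e in entries:
        if not any(tag.startswith("PROXY") for tag in e.tags):
            continue
        m = PROXY_RE.search(e.item)
        if m and m.group(1).lower() in LOOPBACK_HOSTS:
            hits.append((m.group(1), int(m.group(2))))
    return hits


if __name__ == "__main__":
    first = parse_report(REPORT_REMOVE)
    rerun = parse_report(REPORT_RESCAN)
    print(f"{len(first)} findings in first run, {len(unresolved(first))} not remediated")
    for e in persisting(first, rerun):
        print("still present:", "".join(f"[{t}]" for t in e.tags), e.item, "->", e.status)
    for host, port in loopback_proxies(rerun):
        print(f"proxy points at loopback {host}:{port}")
```
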


#13 vash2275


Posted 29 July 2013 - 02:30 PM

Here are the logs. Thank you again for the help.

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : r [Admin rights]
Mode : Scan -- Date : 07/29/2013 13:06:15
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKLM\[...]\Internet Settings : ProxyServer (hxxp=localhost:7171) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541080G9SA00 +++++
--- User ---
[MBR] 12af68b77141a8503584b3d2e848c044
[BSP] 8443b6859fbbb1f938175e37c14180a6 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76067 Mo
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 155787030 | Size: 251 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07292013_130615.txt >>
RKreport[0]_D_07272013_123432.txt;RKreport[0]_S_07272013_123309.txt;RKreport[0]_S_07282013_155604.txt

 

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by r (administrator) on 29-07-2013 at 15:09:06
Running from "C:\Documents and Settings\r\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Media disconnected)
Atheros AR5005G Wireless Network Adapter = Wireless Network Connection (Media disconnected)
TAP-Win32 Adapter OAS = Local Area Connection 2 (Media disconnected)
VPN Client Adapter - VPN = VPN - VPN Client (Media disconnected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "VPN - VPN Client"

set address name="VPN - VPN Client" source=dhcp
set dns name="VPN - VPN Client" source=dhcp register=PRIMARY
set wins name="VPN - VPN Client" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : christy

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Broadcast

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter VPN - VPN Client:



        Media State . . . . . . . . . . . : Media disconnected

        Description . . . . . . . . . . . : VPN Client Adapter - VPN

        Physical Address. . . . . . . . . : 00-AC-21-F2-FF-25

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server:  UnKnown
Address:  127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ac 21 f2 ff 25 ...... VPN Client Adapter - VPN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
  255.255.255.255  255.255.255.255  255.255.255.255               2      1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File not found] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/29/2013 03:08:04 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (07/29/2013 01:08:20 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (07/28/2013 03:58:02 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (07/27/2013 00:47:12 PM) (Source: MsiInstaller) (User: CHRISTY)
Description: The installation of C:\Documents and Settings\r\Application Data\Sun\Java\jre1.7.0_25\jre1.7.0_25-c.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

Error: (07/26/2013 03:01:54 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (07/25/2013 05:00:21 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (07/22/2013 01:44:55 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (07/21/2013 05:41:45 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (07/21/2013 05:16:51 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (07/21/2013 04:28:53 PM) (Source: CVHSVC) (User: )
Description: Information only.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.


System errors:
=============
Error: (07/29/2013 03:06:46 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/29/2013 03:06:46 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/29/2013 03:06:46 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/29/2013 03:06:46 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/29/2013 03:06:46 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/29/2013 03:06:46 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/29/2013 03:06:45 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/29/2013 03:06:45 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/29/2013 03:06:45 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126

Error: (07/29/2013 03:06:45 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1990.41618)
Adobe AIR (Version: 3.3.0.3670)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.68)
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Adobe Shockwave Player 11.5 (Version: 11.5)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Amazon Music Importer (Version: 2.0.1)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Software Suite
Atheros Client Utility (Version: 1.41.000)
Atheros Wireless LAN MiniPCI card Driver (Version: 1.26.000)
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.162-050803a2-028209C-Toshiba)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.18)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
Coupon Printer for Windows (Version: 4.0)
DING! (Version: 1.05.005)
DJ_AIO_ProductContext (Version: 82.0.203.000)
DVD-RAM Driver (Version: 5.0.2.0)
EZ-DUB (Version: 3.0)
EZ-DUB Finder (Version: 1.00.0722)
F4100_Help (Version: 82.0.203.000)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
ImgBurn (Version: 2.5.6.0)
InterActual Player
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.529)
iTunes (Version: 11.0.1.12)
Jaksta Streaming Media Recorder (4.4.3) (Version: 4.4.3)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Metamail (Toshiba Registration Utility) (Version: 4.5)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 Trial (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2010 - English (Version: 14.0.5139.5005)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional 2007 Subscription (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
MP3 Player Utilities 4.00 (Version: 4.00)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Office 2003 Trial Assistant (Version: 1.0.0)
OTOY
QuickTime (Version: 7.69.80.9)
REALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.70)
Realtek High Definition Audio Driver (Version: 2.02)
Replay Media Catcher 4 (4.3.2) (Version: 4.3.2)
Revo Uninstaller 1.93 (Version: 1.93)
sat_screensaver_30mb
StreamTransport version: 1.0.2.1700
SUPERAntiSpyware Free Edition (Version: 4.32.0.1000)
Synaptics Pointing Device Driver (Version: 7.12.4.0)
System Requirements Lab CYRI (Version: 4.5.1.0)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.70.09)
TOSHIBA Controls
TOSHIBA Hotkey Utility (Version: 1.00.01SE)
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver (Version: 7.03.07.I)
TOSHIBA Software Modem (Version: 2.1.62 (SM2162ALD02))
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility (Version: 1.00.01SE)
TOSHIBA Utilities (Version: 1.00.04SE)
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0322)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0213)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0165)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.0963)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0408)
TurboTax 2008 wrapper (Version: 008.000.0062)
TurboTax 2008 wvaiper (Version: 008.000.0116)
TurboTax Deluxe 2007
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Verizon Help and Support Tool
Verizon High Speed Internet
Verizon Servicepoint 1.5.22 (Version: 1.5.22)
VLC media player 2.0.3 (Version: 2.0.3)
Vz In Home Agent (Version: 7.04.14)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0059.1)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPatrol (Version: 24.6.2012)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR archiver
Wireshark 1.8.4 (32-bit) (Version: 1.8.4)

**** End of log ****
 



#14 nasdaq

  • Malware Response Team

Posted 30 July 2013 - 07:47 AM

Still some work to be done.

Download the correct tool for your operating system:
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#15 vash2275

  • Topic Starter

Posted 30 July 2013 - 06:31 PM

Here are the logs. Thanks again for the help.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 03
Ran by r (administrator) on 30-07-2013 19:11:46
Running from C:\Documents and Settings\r\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
() C:\WINDOWS\system32\acs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\DVDRAMSV.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Verizon\McciTrayApp.exe
(Verizon) C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Tvs\TvsTray.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
(TOSHIBA) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoCtlSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(TOSHIBA) C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Agere Systems) C:\Program Files\ltmoh\Ltmoh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
() c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
(TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Matsushita Electric Industrial Co., Ltd.) C:\WINDOWS\system32\RAMASST.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Verizon_McciTrayApp] - C:\Program Files\Verizon\McciTrayApp.exe [1565696 2010-03-17] (Alcatel-Lucent)
HKLM\...\Run: [VerizonServicepoint.exe] - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe [2065648 2008-09-16] (Verizon)
HKLM\...\Run: [Tvs] - C:\Program Files\Toshiba\Tvs\TvsTray.exe [73728 2005-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [TPSMain] - C:\Windows\system32\TPSMain.exe [282624 2005-06-01] (TOSHIBA Corporation)
HKLM\...\Run: [THotkey] - C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [352256 2005-11-25] (TOSHIBA)
HKLM\...\Run: [SynTPLpr] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [98394 2004-10-14] (Synaptics, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [688218 2004-10-14] (Synaptics, Inc.)
HKLM\...\Run: [SmoothView] - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [122880 2005-04-26] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [15473664 2005-11-10] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Pinger] - c:\toshiba\ivp\ism\pinger.exe [151552 2005-03-17] (TOSHIBA Corporation)
HKLM\...\Run: [PadTouch] - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [1077322 2005-07-15] (TOSHIBA)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
HKLM\...\Run: [LtMoh] - C:\Program Files\ltmoh\Ltmoh.exe [188416 2005-05-19] (Agere Systems)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [CFSServ.exe] - CFSServ.exe -NoClient [x]
HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-08-06] (ATI Technologies, Inc.)
HKLM\...\Run: [AGRSMMSG] - C:\Windows\AGRSMMSG.exe [88203 2005-10-15] (Agere Systems)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [374368 2012-04-15] (BillP Studios)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [65536 2004-12-30] (TOSHIBA)
HKU\Administrator\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [ 2004-12-30] (TOSHIBA)
HKU\CHRISTY\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [ 2004-12-30] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [ 2004-12-30] (TOSHIBA)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
ShortcutTarget: RAMASST.lnk -> C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
Startup: C:\Documents and Settings\CHRISTY\Start Menu\Programs\Startup\DING!.lnk
ShortcutTarget: DING!.lnk -> C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
Startup: C:\Documents and Settings\CHRISTY\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
BHO: No Name - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\r\Application Data\Mozilla\Firefox\Profiles\fhim4lhq.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF Extension: No Name - C:\Documents and Settings\r\Application Data\Mozilla\Firefox\Profiles\fhim4lhq.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{6E44C66A-41E1-4BF2-B1A7-61998AF9EEF6}] C:\Documents and Settings\Christy Marie.CHRISTY\Local Settings\Application Data\{6E44C66A-41E1-4BF2-B1A7-61998AF9EEF6}
FF HKCU\...\Firefox\Extensions: [{9D8B1860-8081-11E1-826D-B8AC6F996F26}] C:\Documents and Settings\r\Local Settings\Application Data\{9D8B1860-8081-11E1-826D-B8AC6F996F26}\

========================== Services (Whitelisted) =================

R2 ACS; C:\WINDOWS\system32\acs.exe [36864 2005-07-08] ()
R2 DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [110592 2004-08-28] (Matsushita Electric Industrial Co., Ltd.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
R2 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [40960 2005-07-12] ()
R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [35328 2005-08-10] (TOSHIBA Corp.)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S2 avgtdi; %systemroot%\system32\dot4print.dll [x]
S2 BVRPMPR5; %systemroot%\system32\ixiaendpoint.dll [x]
S2 bwsvc; %systemroot%\system32\VAIOMediaPlatform-MusicServer-HTTP.dll [x]
S2 eskerlicensecontrol; %systemroot%\system32\s24trans.dll [x]
S2 filemon701; %systemroot%\system32\googledesktopmanager.dll [x]
S2 iAimTV6; %systemroot%\system32\nod32krn.dll [x]
S2 itchfltr; %systemroot%\system32\RMSvc.dll [x]
S2 OpenVPNAccessClient; "C:\Program Files\OpenVPN Technologies\PrivateTunnel\core\capiws.exe" [x]
S2 PolarUSB; %systemroot%\system32\slimsvc.dll [x]
S2 raysatxsi5_0server; %systemroot%\system32\incdrm.dll [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
S2 SrvcEKIOMngr; %systemroot%\system32\ATSWPDRV.dll [x]
S2 sscdbus; %systemroot%\system32\wmconnectcds.dll [x]
S2 zppinger; %systemroot%\system32\DM9102.dll [x]

==================== Drivers (Whitelisted) ====================

R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [17801 2006-03-18] (Meetinghouse Data Communications)
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-25] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-25] (Applian Technologies Inc.)
R3 AR5211; C:\Windows\System32\DRIVERS\ar5211.sys [468736 2005-09-12] (Atheros Communications, Inc.)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [1273344 2005-08-04] (ATI Technologies Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2006-12-06] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2006-12-06] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-12-06] (HP)
R3 HssDrv; C:\Windows\System32\DRIVERS\HssDrv.sys [39656 2012-08-01] (AnchorFree Inc.)
R1 meiudf; C:\Windows\System32\Drivers\meiudf.sys [102384 2005-06-02] (Matsushita Electric Industrial Co.,Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
S3 MREMP50; C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0022.sys [25824 2013-07-18] (SoftEther Project at University of Tsukuba, Japan.)
R2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R3 pfc; C:\Windows\System32\drivers\pfc.sys [21248 2003-09-19] (Padus, Inc.)
R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation                           )
S3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfsxp.sys [584680 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplayxp.sys [209512 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirxp.sys [20584 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolxp.sys [18280 2011-10-01] (Microsoft Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124464 2009-03-31] (Symantec Corporation)
S3 SymIM; C:\Windows\System32\DRIVERS\SymIM.sys [36400 2009-03-31] (Symantec Corporation)
R3 SymIMMP; C:\Windows\System32\DRIVERS\SymIM.sys [36400 2009-03-31] (Symantec Corporation)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-08-01] (AnchorFree Inc)
R3 tbiosdrv; C:\Windows\System32\DRIVERS\tbiosdrv.sys [9472 2005-08-24] ()
R3 TVALD; C:\Windows\System32\DRIVERS\NBSMI.sys [6144 2005-10-20] (Toshiba Corporation)
R3 Tvs; C:\Windows\System32\DRIVERS\Tvs.sys [43264 2005-11-15] (TOSHIBA Corporation)
R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-22] (Ulead Systems, Inc.)
S3 vsdatant; C:\Windows\System32\vsdatant.sys [271792 2004-10-12] (Zone Labs Inc.)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S4 IntelIde; No ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S3 SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [x]
S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [x]
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

NETSVC: SrvcEKIOMngr -> C:\Windows\system32\ATSWPDRV.dll ==> No File.
NETSVC: raysatxsi5_0server -> C:\Windows\system32\incdrm.dll ==> No File.
NETSVC: iAimTV6 -> C:\Windows\system32\nod32krn.dll ==> No File.
NETSVC: PolarUSB -> C:\Windows\system32\slimsvc.dll ==> No File.
NETSVC: eskerlicensecontrol -> C:\Windows\system32\s24trans.dll ==> No File.
NETSVC: sscdbus -> C:\Windows\system32\wmconnectcds.dll ==> No File.
NETSVC: filemon701 -> C:\Windows\system32\googledesktopmanager.dll ==> No File.
NETSVC: BVRPMPR5 -> C:\Windows\system32\ixiaendpoint.dll ==> No File.
NETSVC: zppinger -> C:\Windows\system32\DM9102.dll ==> No File.
NETSVC: avgtdi -> C:\Windows\system32\dot4print.dll ==> No File.
NETSVC: bwsvc -> C:\Windows\system32\VAIOMediaPlatform-MusicServer-HTTP.dll ==> No File.
NETSVC: itchfltr -> C:\Windows\system32\RMSvc.dll ==> No File.

==================== One Month Created Files and Folders ========

2013-07-30 19:09 - 2013-07-30 19:09 - 00000000 ____D C:\FRST
2013-07-30 12:54 - 2013-07-30 12:55 - 01222114 _____ (Farbar) C:\Documents and Settings\r\Desktop\FRST.exe
2013-07-29 15:11 - 2013-07-29 15:11 - 00018147 _____ C:\Documents and Settings\r\Desktop\Result 23.txt
2013-07-29 15:03 - 2013-07-29 15:03 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-29 15:02 - 2013-07-29 15:02 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-07-29 15:02 - 2013-07-29 15:02 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-29 15:02 - 2013-07-29 15:02 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-07-29 15:02 - 2013-07-29 15:02 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-07-29 15:02 - 2013-07-29 15:02 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-29 13:25 - 2013-07-29 13:28 - 31714216 _____ (Oracle Corporation) C:\Documents and Settings\r\Desktop\jre-7u25-windows-i586.exe
2013-07-29 13:16 - 2013-07-29 13:16 - 00018705 _____ C:\Documents and Settings\r\Desktop\Result 2.txt
2013-07-29 13:12 - 2013-07-29 15:09 - 00018147 _____ C:\Documents and Settings\r\Desktop\Result.txt
2013-07-29 13:09 - 2013-07-29 13:09 - 00001547 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_D_07292013_130915.txt
2013-07-29 13:08 - 2013-07-29 13:08 - 00001492 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_S_07292013_130615 2.txt
2013-07-29 13:06 - 2013-07-29 13:06 - 00001492 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_S_07292013_130615.txt
2013-07-29 12:53 - 2013-07-29 12:53 - 00000585 _____ C:\Documents and Settings\r\Desktop\jkhjh.txt
2013-07-28 15:59 - 2013-07-28 16:00 - 00000995 _____ C:\AdwCleaner[S2].txt
2013-07-28 15:59 - 2013-07-28 15:59 - 00000936 _____ C:\AdwCleaner[R2].txt
2013-07-28 15:56 - 2013-07-28 15:56 - 00001456 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_S_07282013_155604.txt
2013-07-27 12:42 - 2013-07-27 12:42 - 00903080 _____ (Oracle Corporation) C:\Documents and Settings\r\Desktop\jxpiinstall.exe
2013-07-27 12:34 - 2013-07-27 12:34 - 00002913 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_D_07272013_123432.txt
2013-07-27 12:33 - 2013-07-27 12:33 - 00002475 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_S_07272013_123309.txt
2013-07-27 12:30 - 2013-07-27 12:34 - 00000000 ____D C:\Documents and Settings\r\Desktop\RK_Quarantine
2013-07-27 12:24 - 2013-07-27 12:24 - 00003943 _____ C:\Documents and Settings\r\Desktop\jgffhjn.txt
2013-07-27 12:14 - 2013-07-27 12:14 - 00915968 _____ C:\Documents and Settings\r\Desktop\RogueKiller.exe
2013-07-26 19:35 - 2013-07-26 19:35 - 00001151 _____ C:\Documents and Settings\r\Desktop\checkup.txt
2013-07-26 18:59 - 2013-07-26 19:01 - 00000000 ___SD C:\ComboFix
2013-07-26 18:05 - 2013-07-26 18:05 - 00000000 ____D C:\Qoobox
2013-07-26 18:05 - 2011-06-26 02:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2013-07-26 18:05 - 2010-11-07 13:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2013-07-26 18:05 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2013-07-26 18:05 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2013-07-26 18:05 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2013-07-26 18:05 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2013-07-26 18:05 - 2000-08-30 20:00 - 00098816 _____ C:\WINDOWS\sed.exe
2013-07-26 18:05 - 2000-08-30 20:00 - 00080412 _____ C:\WINDOWS\grep.exe
2013-07-26 18:05 - 2000-08-30 20:00 - 00068096 _____ C:\WINDOWS\zip.exe
2013-07-26 18:00 - 2013-07-26 18:01 - 05094311 ____R (Swearware) C:\Documents and Settings\r\Desktop\ComboFix.exe
2013-07-26 15:02 - 2013-07-26 15:02 - 00001766 _____ C:\Documents and Settings\r\Desktop\JRT.txt
2013-07-26 14:54 - 2013-07-26 14:54 - 00000000 ____D C:\WINDOWS\ERUNT
2013-07-26 14:51 - 2013-07-26 14:51 - 00001980 _____ C:\Documents and Settings\r\Desktop\AdwCleaner[S1].txt
2013-07-26 14:47 - 2013-07-26 14:47 - 00001980 _____ C:\AdwCleaner[S1].txt
2013-07-26 14:46 - 2013-07-26 14:46 - 00001894 _____ C:\AdwCleaner[R1].txt
2013-07-26 14:30 - 2013-07-26 14:30 - 00004173 _____ C:\Documents and Settings\r\Desktop\sjdklnhlcksa.txt
2013-07-26 14:24 - 2013-07-26 14:24 - 00891098 _____ C:\Documents and Settings\r\Desktop\SecurityCheck(1).exe
2013-07-26 14:21 - 2013-07-26 14:21 - 00666633 _____ C:\Documents and Settings\r\Desktop\adwcleaner.exe
2013-07-26 14:21 - 2013-07-26 14:21 - 00561140 _____ (Oleg N. Scherbakov) C:\Documents and Settings\r\Desktop\JRT.exe
2013-07-26 13:04 - 2013-07-26 13:04 - 00000071 _____ C:\Documents and Settings\r\Desktop\gjhgs.txt
2013-07-25 17:53 - 2013-07-25 17:53 - 00000510 _____ C:\Documents and Settings\r\Desktop\MBR.zip
2013-07-25 17:39 - 2013-07-25 17:39 - 00001790 _____ C:\Documents and Settings\r\Desktop\aswMBR.txt
2013-07-25 17:39 - 2013-07-25 17:39 - 00000512 _____ C:\Documents and Settings\r\Desktop\MBR.dat
2013-07-25 17:28 - 2013-07-25 17:30 - 04745728 _____ (AVAST Software) C:\Documents and Settings\r\Desktop\aswMBR.exe
2013-07-25 16:58 - 2013-07-25 16:58 - 00000440 _____ C:\Documents and Settings\r\My Documents\aswMBR.txt
2013-07-25 16:56 - 2013-07-25 16:56 - 00052309 _____ C:\Documents and Settings\r\Desktop\gjgjg.txt
2013-07-22 19:37 - 2013-07-22 19:37 - 00000092 _____ C:\Documents and Settings\Administrator\Desktop\gjkgjg.txt
2013-07-22 13:47 - 2013-07-22 13:47 - 00017219 _____ C:\Documents and Settings\r\Desktop\attach.txt
2013-07-22 13:47 - 2013-07-22 13:46 - 00011854 _____ C:\Documents and Settings\r\Desktop\dds.txt
2013-07-22 13:01 - 2013-07-22 13:01 - 00688992 ____R (Swearware) C:\Documents and Settings\r\Desktop\dds.com
2013-07-22 08:02 - 2013-07-22 08:02 - 00001931 _____ C:\Documents and Settings\r\Desktop\....mm.txt
2013-07-21 18:36 - 2013-07-21 18:38 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder (4)
2013-07-21 18:31 - 2013-07-21 18:31 - 00000000 ____D C:\Documents and Settings\r\Desktop\rkill
2013-07-21 17:40 - 2013-07-21 18:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-21 17:19 - 2013-07-21 17:19 - 00000000 ____D C:\Documents and Settings\r\Desktop\mbar-1.06.0.1004
2013-07-21 15:58 - 2013-07-21 15:58 - 00004822 _____ C:\Documents and Settings\r\Desktop\FSS.txt
2013-07-21 15:41 - 2013-07-21 15:41 - 01844864 _____ (Bleeping Computer, LLC) C:\Documents and Settings\r\Desktop\iExplore.exe
2013-07-21 15:40 - 2013-07-21 15:40 - 00004277 _____ C:\Documents and Settings\r\Desktop\n.txt
2013-07-21 15:39 - 2013-07-21 15:39 - 01844864 _____ (Bleeping Computer, LLC) C:\Documents and Settings\r\Desktop\rkill.exe
2013-07-21 15:36 - 2013-07-21 15:38 - 13399154 _____ C:\Documents and Settings\r\Desktop\mbar-1.06.0.1004.zip
2013-07-21 15:36 - 2013-07-21 15:37 - 00760937 _____ (Farbar) C:\Documents and Settings\r\Desktop\MiniToolBox.exe
2013-07-21 15:35 - 2013-07-21 15:36 - 00357077 _____ (Farbar) C:\Documents and Settings\r\Desktop\FSS.exe
2013-07-20 16:09 - 2013-07-22 19:40 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder (2)
2013-07-20 02:30 - 2013-07-20 02:30 - 00000013 _____ C:\Documents and Settings\Administrator\My Documents\25-sd-3b8f40b55b21d6880fd99ee91c6c553903f5c6d75f5cf534645a3914a83c9d8b_96B665B1
2013-07-20 02:20 - 2013-07-20 02:20 - 04736823 _____ C:\Documents and Settings\Administrator\My Documents\29223_D0B01FD0.tmp
2013-07-20 02:15 - 2013-07-20 02:20 - 06315764 _____ C:\Documents and Settings\Administrator\My Documents\29223_D0B01FD0
2013-07-19 19:51 - 2013-07-23 22:11 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Streaming Media
2013-07-19 19:51 - 2013-07-19 19:51 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Jaksta_Technologies_Pty_L
2013-07-19 19:51 - 2013-07-19 19:51 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Replay Media Catcher 4
2013-07-19 19:31 - 2013-07-19 19:31 - 00001953 _____ C:\Documents and Settings\Administrator\Desktop\jkgkjugkjug.txt
2013-07-19 19:08 - 2013-07-19 19:08 - 00001244 _____ C:\Documents and Settings\Administrator\Desktop\uyggjugkjg.txt
2013-07-19 18:01 - 2013-07-19 18:01 - 00000015 _____ C:\Documents and Settings\Administrator\Desktop\gujugju.txt
2013-07-18 13:48 - 2013-07-18 13:48 - 00025824 _____ (SoftEther Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\Drivers\Neo_0022.sys
2013-07-18 13:47 - 2013-07-19 15:48 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2013-07-18 13:47 - 2013-07-18 13:47 - 00133688 _____ (SoftEther Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\vpncmd.exe
2013-07-18 13:24 - 2013-07-18 13:34 - 38216210 _____ C:\Documents and Settings\r\Desktop\vpngate-client-2013.07.19-build-9091.127237.zip
2013-07-18 13:00 - 2013-07-18 14:15 - 00007581 _____ C:\Documents and Settings\r\ovpntray.log
2013-07-18 13:00 - 2013-07-18 13:41 - 00000000 ____D C:\Documents and Settings\r\Application Data\PrivateTunnel
2013-07-18 12:59 - 2013-07-18 12:59 - 00000000 ____D C:\Program Files\OpenVPN Technologies
2013-07-16 09:38 - 2013-07-16 09:38 - 00000034 _____ C:\Documents and Settings\r\Desktop\utuhthttjh.txt
2013-07-14 17:40 - 2013-07-21 15:55 - 00000000 ____D C:\Documents and Settings\r\Desktop\ssm
2013-07-04 23:11 - 2013-07-08 05:08 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder (6)
2013-07-02 14:08 - 2013-07-04 23:11 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder (3)
100

==================== One Month Modified Files and Folders =======

2013-07-30 19:11 - 2013-07-30 19:10 - 00016133 _____ C:\Documents and Settings\r\Desktop\Addition.txt
2013-07-30 19:09 - 2013-07-30 19:09 - 00000000 ____D C:\FRST
2013-07-30 19:09 - 2009-06-09 15:48 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{C0C6FD7C-7D56-4F24-96B5-527492FAB07E}.job
2013-07-30 19:07 - 2005-11-04 22:28 - 01833774 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-30 19:05 - 2005-11-04 23:14 - 00000000 ____D C:\WINDOWS\system32\Lang
2013-07-30 19:05 - 2005-11-04 14:25 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-07-30 19:05 - 2005-11-04 14:25 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-07-30 19:04 - 2005-11-04 22:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-30 19:02 - 2012-03-01 21:47 - 00000178 ___SH C:\Documents and Settings\r\ntuser.ini
2013-07-30 18:33 - 2012-05-31 12:51 - 00000000 ____D C:\Documents and Settings\r\My Documents\My Streaming Media
2013-07-30 17:06 - 2010-06-06 04:40 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-07-30 12:56 - 2009-06-04 19:38 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-30 12:55 - 2013-07-30 12:54 - 01222114 _____ (Farbar) C:\Documents and Settings\r\Desktop\FRST.exe
2013-07-30 12:49 - 2005-11-04 20:53 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-07-30 00:58 - 2012-04-28 16:02 - 00000000 ____D C:\Documents and Settings\r\My Documents\My Recordings
2013-07-29 23:52 - 2009-08-21 14:47 - 00237568 _____ C:\WINDOWS\system32\rmc_rtspdl.dll
2013-07-29 23:52 - 2009-08-21 14:47 - 00156672 _____ (Radioactive) C:\WINDOWS\system32\rmc_fixasf.exe
2013-07-29 23:51 - 2009-08-21 14:44 - 00323584 _____ (Stefan Toengi) C:\WINDOWS\system32\AUDIOGENIE2.DLL
2013-07-29 23:37 - 2012-10-17 13:54 - 00000000 ____D C:\Documents and Settings\r\Application Data\vlc
2013-07-29 15:12 - 2005-11-04 22:32 - 00032246 _____ C:\WINDOWS\SchedLgU.Txt
2013-07-29 15:11 - 2013-07-29 15:11 - 00018147 _____ C:\Documents and Settings\r\Desktop\Result 23.txt
2013-07-29 15:09 - 2013-07-29 13:12 - 00018147 _____ C:\Documents and Settings\r\Desktop\Result.txt
2013-07-29 15:03 - 2013-07-29 15:03 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-29 15:02 - 2013-07-29 15:02 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-07-29 15:02 - 2013-07-29 15:02 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-07-29 15:02 - 2013-07-29 15:02 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-07-29 15:02 - 2013-07-29 15:02 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-07-29 15:02 - 2013-07-29 15:02 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-07-29 15:02 - 2012-04-29 06:36 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-07-29 15:02 - 2010-06-06 05:07 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-07-29 15:01 - 2005-11-05 00:22 - 00000000 ____D C:\Program Files\Java
2013-07-29 13:28 - 2013-07-29 13:25 - 31714216 _____ (Oracle Corporation) C:\Documents and Settings\r\Desktop\jre-7u25-windows-i586.exe
2013-07-29 13:16 - 2013-07-29 13:16 - 00018705 _____ C:\Documents and Settings\r\Desktop\Result 2.txt
2013-07-29 13:11 - 2012-07-23 12:35 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-07-29 13:09 - 2013-07-29 13:09 - 00001547 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_D_07292013_130915.txt
2013-07-29 13:08 - 2013-07-29 13:08 - 00001492 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_S_07292013_130615 2.txt
2013-07-29 13:06 - 2013-07-29 13:06 - 00001492 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_S_07292013_130615.txt
2013-07-29 12:53 - 2013-07-29 12:53 - 00000585 _____ C:\Documents and Settings\r\Desktop\jkhjh.txt
2013-07-28 16:00 - 2013-07-28 15:59 - 00000995 _____ C:\AdwCleaner[S2].txt
2013-07-28 15:59 - 2013-07-28 15:59 - 00000936 _____ C:\AdwCleaner[R2].txt
2013-07-28 15:56 - 2013-07-28 15:56 - 00001456 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_S_07282013_155604.txt
2013-07-28 05:17 - 2013-06-07 16:16 - 00000000 ____D C:\Documents and Settings\r\Application Data\Replay Media Catcher 4
2013-07-27 13:16 - 2012-03-01 21:47 - 00000000 ____D C:\Documents and Settings\r\Local Settings\Application Data\Adobe
2013-07-27 12:42 - 2013-07-27 12:42 - 00903080 _____ (Oracle Corporation) C:\Documents and Settings\r\Desktop\jxpiinstall.exe
2013-07-27 12:34 - 2013-07-27 12:34 - 00002913 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_D_07272013_123432.txt
2013-07-27 12:34 - 2013-07-27 12:30 - 00000000 ____D C:\Documents and Settings\r\Desktop\RK_Quarantine
2013-07-27 12:34 - 2005-11-04 20:53 - 00000000 __SHD C:\Documents and Settings\r\Local Settings\Application Data\{42f79db7-7bcb-85a4-66ba-38652767ccdb}
2013-07-27 12:33 - 2013-07-27 12:33 - 00002475 _____ C:\Documents and Settings\r\Desktop\RKreport[0]_S_07272013_123309.txt
2013-07-27 12:24 - 2013-07-27 12:24 - 00003943 _____ C:\Documents and Settings\r\Desktop\jgffhjn.txt
2013-07-27 12:14 - 2013-07-27 12:14 - 00915968 _____ C:\Documents and Settings\r\Desktop\RogueKiller.exe
2013-07-26 19:35 - 2013-07-26 19:35 - 00001151 _____ C:\Documents and Settings\r\Desktop\checkup.txt
2013-07-26 19:08 - 2009-04-02 20:25 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-07-26 19:01 - 2013-07-26 18:59 - 00000000 ___SD C:\ComboFix
2013-07-26 18:42 - 2005-11-04 22:28 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-07-26 18:05 - 2013-07-26 18:05 - 00000000 ____D C:\Qoobox
2013-07-26 18:03 - 2010-05-22 18:44 - 00000000 ____D C:\WINDOWS\ERDNT
2013-07-26 18:01 - 2013-07-26 18:00 - 05094311 ____R (Swearware) C:\Documents and Settings\r\Desktop\ComboFix.exe
2013-07-26 15:02 - 2013-07-26 15:02 - 00001766 _____ C:\Documents and Settings\r\Desktop\JRT.txt
2013-07-26 14:54 - 2013-07-26 14:54 - 00000000 ____D C:\WINDOWS\ERUNT
2013-07-26 14:51 - 2013-07-26 14:51 - 00001980 _____ C:\Documents and Settings\r\Desktop\AdwCleaner[S1].txt
2013-07-26 14:47 - 2013-07-26 14:47 - 00001980 _____ C:\AdwCleaner[S1].txt
2013-07-26 14:46 - 2013-07-26 14:46 - 00001894 _____ C:\AdwCleaner[R1].txt
2013-07-26 14:30 - 2013-07-26 14:30 - 00004173 _____ C:\Documents and Settings\r\Desktop\sjdklnhlcksa.txt
2013-07-26 14:24 - 2013-07-26 14:24 - 00891098 _____ C:\Documents and Settings\r\Desktop\SecurityCheck(1).exe
2013-07-26 14:21 - 2013-07-26 14:21 - 00666633 _____ C:\Documents and Settings\r\Desktop\adwcleaner.exe
2013-07-26 14:21 - 2013-07-26 14:21 - 00561140 _____ (Oleg N. Scherbakov) C:\Documents and Settings\r\Desktop\JRT.exe
2013-07-26 13:04 - 2013-07-26 13:04 - 00000071 _____ C:\Documents and Settings\r\Desktop\gjhgs.txt
2013-07-25 17:53 - 2013-07-25 17:53 - 00000510 _____ C:\Documents and Settings\r\Desktop\MBR.zip
2013-07-25 17:39 - 2013-07-25 17:39 - 00001790 _____ C:\Documents and Settings\r\Desktop\aswMBR.txt
2013-07-25 17:39 - 2013-07-25 17:39 - 00000512 _____ C:\Documents and Settings\r\Desktop\MBR.dat
2013-07-25 17:30 - 2013-07-25 17:28 - 04745728 _____ (AVAST Software) C:\Documents and Settings\r\Desktop\aswMBR.exe
2013-07-25 16:58 - 2013-07-25 16:58 - 00000440 _____ C:\Documents and Settings\r\My Documents\aswMBR.txt
2013-07-25 16:56 - 2013-07-25 16:56 - 00052309 _____ C:\Documents and Settings\r\Desktop\gjgjg.txt
2013-07-25 15:03 - 2005-11-07 12:27 - 00000012 _____ C:\WINDOWS\dirsaver.ini
2013-07-25 13:31 - 2012-07-18 22:56 - 02237968 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\r\Desktop\tdsskiller.exe
2013-07-23 22:11 - 2013-07-19 19:51 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Streaming Media
2013-07-22 19:40 - 2013-07-20 16:09 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder (2)
2013-07-22 19:37 - 2013-07-22 19:37 - 00000092 _____ C:\Documents and Settings\Administrator\Desktop\gjkgjg.txt
2013-07-22 13:47 - 2013-07-22 13:47 - 00017219 _____ C:\Documents and Settings\r\Desktop\attach.txt
2013-07-22 13:46 - 2013-07-22 13:47 - 00011854 _____ C:\Documents and Settings\r\Desktop\dds.txt
2013-07-22 13:01 - 2013-07-22 13:01 - 00688992 ____R (Swearware) C:\Documents and Settings\r\Desktop\dds.com
2013-07-22 08:02 - 2013-07-22 08:02 - 00001931 _____ C:\Documents and Settings\r\Desktop\....mm.txt
2013-07-22 02:14 - 2012-03-03 20:48 - 00017920 _____ C:\Documents and Settings\r\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-21 18:38 - 2013-07-21 18:36 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder (4)
2013-07-21 18:38 - 2012-03-28 22:43 - 00000000 ____D C:\Documents and Settings\r\Application Data\SoftGrid Client
2013-07-21 18:31 - 2013-07-21 18:31 - 00000000 ____D C:\Documents and Settings\r\Desktop\rkill
2013-07-21 18:27 - 2013-07-21 17:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-21 17:19 - 2013-07-21 17:19 - 00000000 ____D C:\Documents and Settings\r\Desktop\mbar-1.06.0.1004
2013-07-21 17:11 - 2005-11-04 14:23 - 00611110 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-21 17:05 - 2011-04-18 15:58 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB971029$
2013-07-21 16:11 - 2012-04-03 05:36 - 00000795 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-21 16:11 - 2010-02-27 07:53 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-21 15:58 - 2013-07-21 15:58 - 00004822 _____ C:\Documents and Settings\r\Desktop\FSS.txt
2013-07-21 15:55 - 2013-07-14 17:40 - 00000000 ____D C:\Documents and Settings\r\Desktop\ssm-lbj
2013-07-21 15:41 - 2013-07-21 15:41 - 01844864 _____ (Bleeping Computer, LLC) C:\Documents and Settings\r\Desktop\iExplore.exe
2013-07-21 15:40 - 2013-07-21 15:40 - 00004277 _____ C:\Documents and Settings\r\Desktop\n.txt
2013-07-21 15:39 - 2013-07-21 15:39 - 01844864 _____ (Bleeping Computer, LLC) C:\Documents and Settings\r\Desktop\rkill.exe
2013-07-21 15:38 - 2013-07-21 15:36 - 13399154 _____ C:\Documents and Settings\r\Desktop\mbar-1.06.0.1004.zip
2013-07-21 15:37 - 2013-07-21 15:36 - 00760937 _____ (Farbar) C:\Documents and Settings\r\Desktop\MiniToolBox.exe
2013-07-21 15:36 - 2013-07-21 15:35 - 00357077 _____ (Farbar) C:\Documents and Settings\r\Desktop\FSS.exe
2013-07-20 02:30 - 2013-07-20 02:30 - 00000013 _____ C:\Documents and Settings\Administrator\My Documents\hellokitty25-sd-3b8f40b55b21d6880fd99ee91c6c553903f5c6d75f5cf534645a3914a83c9d8b_96B665B1
2013-07-20 02:20 - 2013-07-20 02:20 - 04736823 _____ C:\Documents and Settings\Administrator\My Documents\29223_D0B01FD0.tmp
2013-07-20 02:20 - 2013-07-20 02:15 - 06315764 _____ C:\Documents and Settings\Administrator\My Documents\29223_D0B01FD0
2013-07-19 19:51 - 2013-07-19 19:51 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Jaksta_Technologies_Pty_L
2013-07-19 19:51 - 2013-07-19 19:51 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Replay Media Catcher 4
2013-07-19 19:40 - 2012-11-14 19:41 - 00116432 _____ C:\WINDOWS\setupapi.log
2013-07-19 19:31 - 2013-07-19 19:31 - 00001953 _____ C:\Documents and Settings\Administrator\Desktop\jkgkjugkjug.txt
2013-07-19 19:08 - 2013-07-19 19:08 - 00001244 _____ C:\Documents and Settings\Administrator\Desktop\uyggjugkjg.txt
2013-07-19 18:01 - 2013-07-19 18:01 - 00000015 _____ C:\Documents and Settings\Administrator\Desktop\gujugju.txt
2013-07-19 15:48 - 2013-07-18 13:47 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2013-07-19 15:28 - 2009-04-02 20:25 - 00073768 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-07-19 15:06 - 2005-11-04 22:27 - 00115468 _____ C:\WINDOWS\wmsetup.log
2013-07-19 14:45 - 2005-11-04 20:54 - 00000281 ___SH C:\boot.ini
2013-07-19 14:45 - 2005-11-04 20:53 - 00000647 _____ C:\WINDOWS\win.ini
2013-07-19 14:45 - 2005-11-04 20:53 - 00000227 _____ C:\WINDOWS\system.ini
2013-07-19 01:21 - 2012-03-01 22:05 - 00000000 ____D C:\Documents and Settings\r\My Documents\StreamTransport
2013-07-18 19:21 - 2012-07-28 18:04 - 00010220 _____ C:\Documents and Settings\r\.swfinfo
2013-07-18 19:21 - 2012-07-28 17:59 - 00000000 ____D C:\Documents and Settings\r\Desktop\rtmpdumphelper
2013-07-18 14:15 - 2013-07-18 13:00 - 00007581 _____ C:\Documents and Settings\r\ovpntray.log
2013-07-18 13:48 - 2013-07-18 13:48 - 00025824 _____ (SoftEther Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\Drivers\Neo_0022.sys
2013-07-18 13:47 - 2013-07-18 13:47 - 00133688 _____ (SoftEther Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\vpncmd.exe
2013-07-18 13:41 - 2013-07-18 13:00 - 00000000 ____D C:\Documents and Settings\r\Application Data\PrivateTunnel
2013-07-18 13:34 - 2013-07-18 13:24 - 38216210 _____ C:\Documents and Settings\r\Desktop\vpngate-client-2013.07.19-build-9091.127237.zip
2013-07-18 13:13 - 2012-03-01 21:47 - 00000000 ____D C:\Documents and Settings\r
2013-07-18 12:59 - 2013-07-18 12:59 - 00000000 ____D C:\Program Files\OpenVPN Technologies
2013-07-16 09:38 - 2013-07-16 09:38 - 00000034 _____ C:\Documents and Settings\r\Desktop\utuhthttjh.txt
2013-07-08 05:11 - 2011-10-13 20:23 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2013-07-08 05:09 - 2012-11-09 18:17 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder (8)
2013-07-08 05:09 - 2012-03-15 13:32 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder f
2013-07-08 05:08 - 2013-07-04 23:11 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder (6)
2013-07-07 19:14 - 2012-12-07 20:22 - 00000000 ____D C:\Documents and Settings\r\Desktop\fp_10.1.102.64_and_9.0.289.0_archive
2013-07-05 03:02 - 2013-03-25 16:18 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder (7) jgjgtjgjgtjugt
2013-07-05 03:02 - 2012-11-09 18:18 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder (4) tfryryhryryuyr
2013-07-04 23:11 - 2013-07-02 14:08 - 00000000 ____D C:\Documents and Settings\r\Desktop\New Folder (3)

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
