redirect to zeroredirect1.com


  • This topic is locked
84 replies to this topic

#1 hatemalware2


Posted 21 December 2015 - 11:53 AM

Hello

I see the browser is redirecting to zeroredirect1.com on a few domains.

I can't run the AdwCleaner software, as it gives me an error and force closes.

I used frst.exe and attach its log here.


Edited by hatemalware2, 21 December 2015 - 11:59 AM.




#2 hatemalware2


Posted 21 December 2015 - 11:56 AM

Here are the logs.

Attached Files



#3 hatemalware2


Posted 22 December 2015 - 05:42 AM

No help?



#4 Oh My!

  • Malware Response Instructor

Posted 22 December 2015 - 04:11 PM

Greetings hatemalware2 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 hatemalware2


Posted 24 December 2015 - 06:31 AM

Hey Gary

Nice to meet you, and thank you for helping me.

These are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-12-2015
Ran by tony (administrator) on TONY-B4DA82999C (24-12-2015 14:53:19)
Running from C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop
Loaded Profiles: tony (Available Profiles: tony & Guest)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\WINDOWS.0\system32\smss.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\csrss.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\services.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\lsass.exe
(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
() C:\WINDOWS.0\system32\WLTRYSVC.EXE
(Dell Inc.) C:\WINDOWS.0\system32\BCMWLTRY.EXE
(Microsoft Corporation) C:\WINDOWS.0\system32\spoolsv.exe
(Microsoft Corporation) C:\WINDOWS.0\explorer.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Dell Inc.) C:\WINDOWS.0\system32\WLTRAY.EXE
(Intel Corporation) C:\WINDOWS.0\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS.0\system32\igfxpers.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe
(Dell Inc) C:\Program Files\Dell\QuickSet\quickset.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Intel Corporation) C:\WINDOWS.0\system32\igfxsrvc.exe
(SigmaTel, Inc.) C:\WINDOWS.0\stsystra.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\ctfmon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Astrill) C:\Program Files\Astrill\astrill.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wbem\wmiprvse.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\alg.exe
(Astrill) C:\Program Files\Astrill\ASProxy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\svchost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wbem\wmiprvse.exe
(Microsoft Corporation) C:\WINDOWS.0\system32\wscntfy.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\WINDOWS.0\system32\WLTRAY.exe [1384448 2006-06-23] (Dell Inc.)
HKLM\...\Run: [igfxtray] => C:\WINDOWS.0\system32\igfxtray.exe [98304 2005-12-14] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS.0\system32\hkcmd.exe [77824 2005-12-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS.0\system32\igfxpers.exe [118784 2005-12-14] (Intel Corporation)
HKLM\...\Run: [LVCOMS] => C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE [98304 2001-09-24] (Logitech Inc.)
HKLM\...\Run: [Dell QuickSet] => C:\Program Files\Dell\QuickSet\quickset.exe [1032192 2006-08-04] (Dell Inc)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1078784 2015-05-04] (Trend Micro Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS.0\stsystra.exe [282624 2006-03-24] (SigmaTel, Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [165976 2014-07-20] (Trend Micro Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS.0\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Winlogon: [Userinit] C:\WINDOWS.0\system32\userinit.exe,
HKLM\...\Winlogon: [UIHost] C:\WINDOWS.0\system32\logonui.exe [514560 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\crypt32chain: C:\WINDOWS.0\system32\crypt32.dll [2013-10-07] (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS.0\system32\cryptnet.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS.0\system32\cscdll.dll [2012-10-10] (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS.0\System32\dimsntfy.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS.0\system32\igfxdev.dll [2005-12-14] (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS.0\system32\sclgntfy.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS.0\system32\WlNotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS.0\system32\wlnotify.dll [2008-04-14] (Microsoft Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.0\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.0\System32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [ctfmon.exe] => C:\WINDOWS.0\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-07-25] (Samsung)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [Astrill] => C:\Program Files\Astrill\astrill.exe [5160472 2014-12-12] (Astrill)
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [94208 2005-12-16] (Nero AG)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS.0\system32\logon.scr [220672 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS.0\Jaksta\AC\x86\jaudcap.dll => C:\WINDOWS.0\Jaksta\AC\x86\jaudcap.dll [264992 2015-03-19] (Jaksta Technologies Pty Ltd)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2009-09-01] (SmartSoft Ltd)
Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Bluetooth.lnk [2014-08-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup\Bluetooth.lnk [2014-08-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\Tony\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-12-30]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-776561741-1343024091-1606980848-1003] => Proxy is enabled.
ProxyServer: [S-1-5-21-776561741-1343024091-1606980848-1003] => http=127.0.0.1:3213;https=127.0.0.1:3213
AutoConfigURL: [S-1-5-21-776561741-1343024091-1606980848-1003] => http=127.0.0.1:3213;https=127.0.0.1:3213
Winsock: Catalog5 01 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog5 02 C:\WINDOWS.0\system32\winrnr.dll [16896 2008-04-14] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 01 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 02 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 03 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 04 C:\WINDOWS.0\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft Corporation)
Winsock: Catalog9 05 C:\WINDOWS.0\system32\rsvpsp.dll [92672 2008-04-14] (Microsoft Corporation)
Winsock: Catalog9 06 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 07 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 08 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 09 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 10 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 11 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 12 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 13 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 14 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 15 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 16 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 17 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 18 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 19 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 20 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 21 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 22 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 23 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 24 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 25 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 26 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Winsock: Catalog9 27 C:\WINDOWS.0\system32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{26E173B9-CC9C-42D2-B61F-AEA81FB9D986}: [NameServer] 46.143.233.2,217.218.155.155
Tcpip\..\Interfaces\{4A313268-B8DA-47B3-9647-7986EA7B79A0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{BA8B353F-3BAE-488A-B9CB-2DE73DDCA328}: [NameServer] 217.218.155.155 46.143.233.5
Tcpip\..\Interfaces\{D5FDD96F-CDA9-4093-BE6A-1CFB0964212F}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\ICQ\ICQNewTab\newTab.html" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: IDMIEHlprObj Class -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2010-11-03] (Tonec Inc.)
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\AMSP\module\20004\3.5.1255\6.8.1125\TmIEPlg.dll [2014-07-08] (Trend Micro Inc.)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-01] (Oracle Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-01] (Oracle Corporation)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.5.1255\6.8.1125\TmIEPlg.dll [2014-07-08] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2014-07-20] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2014-07-20] (Trend Micro Inc.)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Mozilla\Firefox\Profiles\pppsxktn.default-1450795932312
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS.0\system32\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-11] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-01] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2010-11-05] (Yahoo! Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-776561741-1343024091-1606980848-1003: wondershare.com/FantashowPlugin -> C:\Program Files\Wondershare\Fantashow Plus\npFantashowPlugin.dll [No File]
FF Extension: Astrill Proxy Switcher - C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Mozilla\Firefox\Profiles\pppsxktn.default-1450795932312\Extensions\addon@astrill.com [2015-12-23] [not signed]
FF Extension: Video DownloadHelper - C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Mozilla\Firefox\Profiles\pppsxktn.default-1450795932312\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-12-22]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2015-11-11]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension [2015-11-11]
FF HKLM\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-11-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-04-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{24e5daf3-862d-4142-80ba-7cded1e66165}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
FF HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\IDM\idmmzcc3
FF Extension: IDM CC - C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\IDM\idmmzcc3 [2014-08-02] [not signed]
FF HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\IDM\idmmzcc3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Facebook Themes (Facebook Theme Gallery)) - C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\phejagnmddcjhjblnacgmejghffmhjfp [2015-08-30]
CHR HKLM\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: old_chrome.exe - C:\Program Files\Google\Chrome\Application\old_chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2015-12-11] (Adobe Systems Incorporated)
S4 Alerter; C:\WINDOWS.0\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS.0\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S3 AppMgmt; C:\WINDOWS.0\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ASOVPNHelper; C:\Program Files\Astrill\ASOvpnSvc.exe [434016 2014-09-08] (Astrill)
S3 aspnet_state; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R3 ASProxy; C:\Program Files\Astrill\ASProxy.exe [2169368 2014-11-16] (Astrill)
R2 AudioSrv; C:\WINDOWS.0\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
S3 BITS; C:\WINDOWS.0\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
S2 Browser; C:\WINDOWS.0\System32\browser.dll [78336 2012-10-10] (Microsoft Corporation)
R2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295 2006-05-25] (Broadcom Corporation.) [File not signed]
S3 CiSvc; C:\WINDOWS.0\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ClipSrv; C:\WINDOWS.0\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
S3 clr_optimization_v2.0.50727_32; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
R2 CryptSvc; C:\WINDOWS.0\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS.0\system32\rpcss.dll [401408 2012-10-10] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS.0\System32\dhcpcsvc.dll [126976 2012-10-10] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS.0\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R2 dmserver; C:\WINDOWS.0\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS.0\System32\dnsrslvr.dll [45568 2012-10-10] (Microsoft Corporation)
S3 Dot3svc; C:\WINDOWS.0\System32\dot3svc.dll [132096 2012-10-10] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS.0\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS.0\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS.0\system32\services.exe [110592 2012-10-10] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS.0\system32\es.dll [253952 2012-10-10] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS.0\System32\shsvcs.dll [135168 2012-10-10] (Microsoft Corporation) [File not signed]
S3 FontCache3.0.0.0; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINDOWS.0\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS.0\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS.0\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HTTPFilter; C:\WINDOWS.0\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 idsvc; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS.0\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-12-01] (Oracle Corporation)
R2 LanmanServer; C:\WINDOWS.0\System32\srvsvc.dll [99840 2012-10-10] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS.0\System32\wkssvc.dll [134144 2012-10-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS.0\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 Messenger; C:\WINDOWS.0\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS.0\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS.0\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS.0\System32\msiexec.exe [95744 2012-10-10] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS.0\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS.0\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS.0\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS.0\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [380928 2006-08-04] (Dell Inc.) [File not signed]
R3 Nla; C:\WINDOWS.0\System32\mswsock.dll [245248 2012-10-10] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS.0\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [963584 2015-05-04] (Trend Micro Inc.)
R2 PlugPlay; C:\WINDOWS.0\system32\services.exe [110592 2012-10-10] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS.0\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasMan; C:\WINDOWS.0\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS.0\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS.0\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS.0\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS.0\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS.0\system32\rpcss.dll [401408 2012-10-10] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS.0\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS.0\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS.0\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS.0\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS.0\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS.0\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS.0\System32\ipnathlp.dll [330752 2012-10-10] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS.0\System32\shsvcs.dll [135168 2012-10-10] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS.0\system32\spoolsv.exe [58880 2012-10-10] (Microsoft Corporation)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [763840 2012-07-11] (Enigma Software Group USA, LLC.)
R2 srservice; C:\WINDOWS.0\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS.0\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\WINDOWS.0\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS.0\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 TapiSrv; C:\WINDOWS.0\System32\tapisrv.dll [249856 2012-10-10] (Microsoft Corporation) [File not signed]
R3 TermService; C:\WINDOWS.0\System32\termsrv.dll [296960 2012-10-10] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS.0\System32\shsvcs.dll [135168 2012-10-10] (Microsoft Corporation) [File not signed]
S3 TlntSvr; C:\WINDOWS.0\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS.0\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\WINDOWS.0\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS.0\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS.0\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS.0\system32\w32time.dll [175616 2012-10-10] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS.0\System32\webclnt.dll [68096 2012-10-10] (Microsoft Corporation)
R2 winmgmt; C:\WINDOWS.0\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wltrysvc; C:\WINDOWS.0\System32\bcmwltry.exe [1236992 2006-06-23] (Dell Inc.) [File not signed]
S3 WmdmPmSN; C:\WINDOWS.0\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed]
S3 Wmi; C:\WINDOWS.0\System32\advapi32.dll [617472 2012-10-10] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS.0\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WPFFontCache_v0400; C:\WINDOWS.0\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [756392 2013-07-20] (Microsoft Corporation)
R2 wscsvc; C:\WINDOWS.0\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS.0\system32\wuauserv.dll [23064 2012-10-10] (Microsoft Corporation)
R2 WudfSvc; C:\WINDOWS.0\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS.0\System32\wzcsvc.dll [483328 2012-10-10] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS.0\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 -ad -bt=0 [X]
S3 COMSysApp; C:\WINDOWS.0\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 SwPrv; C:\WINDOWS.0\system32\dllhost.exe /Processid:{017276A5-F41B-48CF-BB1E-FAB472D6E32B}
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ACPI; C:\WINDOWS.0\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS.0\system32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation) [File not signed]
S3 aec; C:\WINDOWS.0\System32\drivers\aec.sys [142592 2008-04-14] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS.0\System32\drivers\afd.sys [138496 2012-10-10] (Microsoft Corporation)
R1 APPDRV; C:\WINDOWS.0\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) [File not signed]
R3 Arp1394; C:\WINDOWS.0\System32\DRIVERS\arp1394.sys [60800 2012-10-10] (Microsoft Corporation) [File not signed]
R3 asvpndrv; C:\WINDOWS.0\System32\DRIVERS\asvpndrv.sys [25856 2014-05-17] (Astrill) [File not signed]
S3 AsyncMac; C:\WINDOWS.0\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS.0\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS.0\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS.0\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
R3 BCM43XX; C:\WINDOWS.0\System32\DRIVERS\bcmwl5.sys [563968 2006-06-27] (Broadcom Corporation) [File not signed]
R3 bcm4sbxp; C:\WINDOWS.0\System32\DRIVERS\bcm4sbxp.sys [44544 2006-08-17] (Broadcom Corporation) [File not signed]
R1 Beep; C:\WINDOWS.0\system32\Drivers\Beep.sys [4224 2008-04-14] (Microsoft Corporation)
R3 btaudio; C:\WINDOWS.0\System32\drivers\btaudio.sys [328237 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 BTDriver; C:\WINDOWS.0\System32\DRIVERS\btport.sys [30427 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 BTKRNL; C:\WINDOWS.0\System32\DRIVERS\btkrnl.sys [851434 2006-05-25] (Broadcom Corporation.) [File not signed]
R2 BTSERIAL; C:\WINDOWS.0\system32\drivers\btserial.sys [23271 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 BTWDNDIS; C:\WINDOWS.0\System32\DRIVERS\btwdndis.sys [148900 2006-05-25] (Broadcom Corporation.) [File not signed]
S3 btwhid; C:\WINDOWS.0\System32\DRIVERS\btwhid.sys [45683 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 btwmodem; C:\WINDOWS.0\System32\DRIVERS\btwmodem.sys [30285 2006-05-25] (Broadcom Corporation.) [File not signed]
R3 BTWUSB; C:\WINDOWS.0\System32\Drivers\btwusb.sys [66488 2006-05-25] (Broadcom Corporation.) [File not signed]
S4 cbidf2k; C:\WINDOWS.0\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation) [File not signed]
S3 CCDECODE; C:\WINDOWS.0\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS.0\system32\Drivers\Cdaudio.sys [18688 2012-10-10] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS.0\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS.0\System32\DRIVERS\cdrom.sys [62976 2012-10-10] (Microsoft Corporation) [File not signed]
R3 CmBatt; C:\WINDOWS.0\System32\DRIVERS\CmBatt.sys [13952 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Compbatt; C:\WINDOWS.0\System32\DRIVERS\compbatt.sys [10240 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS.0\System32\DRIVERS\disk.sys [36352 2012-10-10] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS.0\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmio; C:\WINDOWS.0\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
R0 dmload; C:\WINDOWS.0\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.) [File not signed]
S3 DMusic; C:\WINDOWS.0\System32\drivers\DMusic.sys [52864 2008-04-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\WINDOWS.0\System32\drivers\drmkaud.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 EsgScanner; C:\WINDOWS.0\System32\DRIVERS\EsgScanner.sys [19984 2015-12-21] ()
S4 exFat; C:\WINDOWS.0\system32\Drivers\exFat.sys [133632 2012-10-10] (Microsoft Corporation) [File not signed]
S4 Fastfat; C:\WINDOWS.0\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Fdc; C:\WINDOWS.0\system32\Drivers\Fdc.sys [27392 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS.0\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Flpydisk; C:\WINDOWS.0\system32\Drivers\Flpydisk.sys [20480 2008-04-14] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS.0\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 FsUsbExDisk; C:\WINDOWS.0\system32\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
U1 Fs_Rec; C:\WINDOWS.0\system32\Drivers\Fs_Rec.sys [9216 2012-10-10] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS.0\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS.0\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\WINDOWS.0\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider) [File not signed]
R3 hidusb; C:\WINDOWS.0\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation) [File not signed]
R3 HSF_DPV; C:\WINDOWS.0\System32\DRIVERS\HSX_DPV.sys [936960 2005-12-01] (Conexant Systems, Inc.) [File not signed]
R3 HSXHWAZL; C:\WINDOWS.0\System32\DRIVERS\HSXHWAZL.sys [192512 2005-12-01] (Conexant Systems, Inc.) [File not signed]
R3 HTTP; C:\WINDOWS.0\System32\Drivers\HTTP.sys [265728 2012-10-10] (Microsoft Corporation) [File not signed]
R1 i8042prt; C:\WINDOWS.0\System32\DRIVERS\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ialm; C:\WINDOWS.0\System32\DRIVERS\ialmnt5.sys [1364574 2005-12-14] (Intel Corporation) [File not signed]
R1 Imapi; C:\WINDOWS.0\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS.0\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS.0\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS.0\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS.0\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS.0\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS.0\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS.0\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS.0\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation) [File not signed]
R3 jakstaVA; C:\WINDOWS.0\System32\DRIVERS\jaksta_va.sys [91784 2014-12-09] (e2eSoft)
R1 Kbdclass; C:\WINDOWS.0\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS.0\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation) [File not signed]
R3 kmixer; C:\WINDOWS.0\System32\drivers\kmixer.sys [172416 2008-04-14] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS.0\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
S3 kvnet; C:\WINDOWS.0\System32\DRIVERS\kvnet.sys [36912 2014-06-24] (Kerio Technologies Inc.)
R3 ManyCam; C:\WINDOWS.0\System32\DRIVERS\mcvidrv.sys [48280 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\WINDOWS.0\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 mcaudrv_simple; C:\WINDOWS.0\System32\drivers\mcaudrv.sys [30488 2014-12-29] (Visicom Media Inc.)
R2 mdmxsdk; C:\WINDOWS.0\System32\DRIVERS\mdmxsdk.sys [12544 2005-10-05] (Conexant) [File not signed]
R1 mnmdd; C:\WINDOWS.0\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Modem; C:\WINDOWS.0\system32\Drivers\Modem.sys [30080 2012-10-10] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS.0\System32\DRIVERS\mouclass.sys [23040 2012-10-10] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS.0\System32\DRIVERS\mouhid.sys [12160 2012-10-10] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS.0\system32\Drivers\MountMgr.sys [42752 2012-10-10] (Microsoft Corporation) [File not signed]
R3 MRxDAV; C:\WINDOWS.0\System32\DRIVERS\mrxdav.sys [180096 2012-10-10] (Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS.0\System32\DRIVERS\mrxsmb.sys [457856 2012-10-10] (Microsoft Corporation)
R1 Msfs; C:\WINDOWS.0\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
S3 MSKSSRV; C:\WINDOWS.0\System32\drivers\MSKSSRV.sys [7552 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\WINDOWS.0\System32\drivers\MSPCLOCK.sys [5376 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\WINDOWS.0\System32\drivers\MSPQM.sys [4992 2008-04-14] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS.0\System32\DRIVERS\mssmbios.sys [15488 2012-10-10] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\WINDOWS.0\System32\drivers\MSTEE.sys [5504 2008-04-14] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS.0\system32\Drivers\Mup.sys [105472 2012-10-10] (Microsoft Corporation)
R0 mv61xxmm; C:\WINDOWS.0\system32\Drivers\mv61xxmm.sys [14184 2012-10-10] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS.0\system32\Drivers\mv64xxmm.sys [5632 2012-10-10] (Marvell Semiconductor Inc.) [File not signed]
R0 mvxxmm; C:\WINDOWS.0\system32\Drivers\mvxxmm.sys [14184 2012-10-10] (Marvell Semiconductor Inc.)
S3 NABTSFEC; C:\WINDOWS.0\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS.0\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NdisIP; C:\WINDOWS.0\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS.0\System32\DRIVERS\ndistapi.sys [10496 2012-10-10] (Microsoft Corporation)
R3 Ndisuio; C:\WINDOWS.0\System32\DRIVERS\ndisuio.sys [14592 2012-10-10] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS.0\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS.0\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS.0\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS.0\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation) [File not signed]
R3 NIC1394; C:\WINDOWS.0\System32\DRIVERS\nic1394.sys [61824 2012-10-10] (Microsoft Corporation) [File not signed]
S3 NPF; C:\WINDOWS.0\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 Npfs; C:\WINDOWS.0\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS.0\system32\Drivers\Ntfs.sys [576384 2008-11-18] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS.0\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS.0\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS.0\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation) [File not signed]
R0 ohci1394; C:\WINDOWS.0\System32\DRIVERS\ohci1394.sys [61824 2012-10-10] (Microsoft Corporation) [File not signed]
S3 Parport; C:\WINDOWS.0\system32\Drivers\Parport.sys [80128 2012-10-10] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS.0\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation) [File not signed]
S2 ParVdm; C:\WINDOWS.0\system32\Drivers\ParVdm.sys [6784 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS.0\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS.0\System32\DRIVERS\pciide.sys [3328 2001-08-17] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS.0\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS.0\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS.0\System32\DRIVERS\psched.sys [70272 2012-10-10] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS.0\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.) [File not signed]
S3 QCDonner; C:\WINDOWS.0\System32\DRIVERS\LVCD.sys [38912 2001-09-24] (Logitech Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS.0\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS.0\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS.0\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS.0\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS.0\System32\DRIVERS\rdbss.sys [174848 2012-10-10] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS.0\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation) [File not signed]
R3 rdpdr; C:\WINDOWS.0\System32\DRIVERS\rdpdr.sys [195712 2009-09-05] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\WINDOWS.0\system32\Drivers\RDPWD.sys [139784 2012-10-10] (Microsoft Corporation)
R1 redbook; C:\WINDOWS.0\System32\DRIVERS\redbook.sys [57600 2008-04-14] (Microsoft Corporation) [File not signed]
R3 rimmptsk; C:\WINDOWS.0\System32\DRIVERS\rimmptsk.sys [28544 2005-07-15] (REDC) [File not signed]
R3 rimsptsk; C:\WINDOWS.0\System32\DRIVERS\rimsptsk.sys [51328 2005-07-13] (REDC) [File not signed]
R3 rismxdp; C:\WINDOWS.0\System32\DRIVERS\rixdptsk.sys [307968 2005-07-15] (REDC) [File not signed]
R2 rspndr; C:\WINDOWS.0\System32\DRIVERS\rspndr.sys [62848 2012-10-10] (Microsoft Corporation) [File not signed]
R3 sdbus; C:\WINDOWS.0\System32\DRIVERS\sdbus.sys [79232 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS.0\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S2 Serial; C:\WINDOWS.0\system32\Drivers\Serial.sys [64512 2008-04-14] (Microsoft Corporation) [File not signed]
S1 Sfloppy; C:\WINDOWS.0\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
S3 SLIP; C:\WINDOWS.0\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation) [File not signed]
S3 splitter; C:\WINDOWS.0\System32\drivers\splitter.sys [6272 2008-04-14] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS.0\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS.0\System32\DRIVERS\srv.sys [357888 2012-10-10] (Microsoft Corporation)
S3 ssadbus; C:\WINDOWS.0\System32\DRIVERS\ssadbus.sys [136904 2014-06-16] (MCCI Corporation)
S3 ssadmdfl; C:\WINDOWS.0\System32\DRIVERS\ssadmdfl.sys [17864 2014-06-16] (MCCI Corporation)
S3 ssadmdm; C:\WINDOWS.0\System32\DRIVERS\ssadmdm.sys [153672 2014-06-16] (MCCI Corporation)
S3 sscdbus; C:\WINDOWS.0\System32\DRIVERS\sscdbus.sys [136776 2014-06-16] (MCCI Corporation)
S3 sscdmdfl; C:\WINDOWS.0\System32\DRIVERS\sscdmdfl.sys [17864 2014-06-16] (MCCI Corporation)
S3 sscdmdm; C:\WINDOWS.0\System32\DRIVERS\sscdmdm.sys [153672 2014-06-16] (MCCI Corporation)
R3 STHDA; C:\WINDOWS.0\System32\drivers\sthda.sys [1156648 2006-03-24] (SigmaTel, Inc.) [File not signed]
S3 streamip; C:\WINDOWS.0\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS.0\System32\DRIVERS\swenum.sys [4352 2012-10-10] (Microsoft Corporation) [File not signed]
S3 swmidi; C:\WINDOWS.0\System32\drivers\swmidi.sys [56576 2008-04-14] (Microsoft Corporation) [File not signed]
R3 sysaudio; C:\WINDOWS.0\System32\drivers\sysaudio.sys [60800 2008-04-14] (Microsoft Corporation) [File not signed]
S3 tap0901; C:\WINDOWS.0\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R1 Tcpip; C:\WINDOWS.0\System32\DRIVERS\tcpip.sys [361600 2012-10-10] (Microsoft Corporation)
S3 TDPIPE; C:\WINDOWS.0\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS.0\system32\Drivers\TDTCP.sys [22024 2012-10-10] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS.0\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
R1 tmactmon; C:\WINDOWS.0\System32\DRIVERS\tmactmon.sys [108032 2015-07-20] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS.0\System32\DRIVERS\tmcomm.sys [303744 2015-07-20] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS.0\System32\DRIVERS\TMEBC32.sys [40736 2013-07-01] (Trend Micro Inc.)
R1 tmeext; C:\WINDOWS.0\System32\DRIVERS\tmeext.sys [93752 2014-10-02] (Trend Micro Inc.)
R1 tmevtmgr; C:\WINDOWS.0\System32\DRIVERS\tmevtmgr.sys [88992 2015-07-20] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS.0\System32\DRIVERS\tmnciesc.sys [306232 2014-04-08] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS.0\System32\DRIVERS\tmtdi.sys [94056 2014-07-08] (Trend Micro Inc.)
S4 Udfs; C:\WINDOWS.0\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
R3 Update; C:\WINDOWS.0\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS.0\System32\DRIVERS\usbehci.sys [30464 2009-06-09] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS.0\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS.0\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS.0\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation) [File not signed]
R3 USB_RNDIS_51; C:\WINDOWS.0\System32\DRIVERS\usb8023.sys [12928 2013-02-12] (Microsoft Corporation)
R1 VBoxDrv; C:\WINDOWS.0\System32\DRIVERS\VBoxDrv.sys [204064 2014-05-16] (Oracle Corporation)
R3 VBoxNetAdp; C:\WINDOWS.0\System32\DRIVERS\VBoxNetAdp.sys [116512 2014-05-16] (Oracle Corporation)
R3 VBoxNetFlt; C:\WINDOWS.0\System32\DRIVERS\VBoxNetFlt.sys [126752 2014-05-16] (Oracle Corporation)
R1 VBoxUSBMon; C:\WINDOWS.0\System32\DRIVERS\VBoxUSBMon.sys [104736 2014-05-16] (Oracle Corporation)
R1 VgaSave; C:\WINDOWS.0\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS.0\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS.0\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation) [File not signed]
R3 wdmaud; C:\WINDOWS.0\System32\drivers\wdmaud.sys [83072 2008-04-14] (Microsoft Corporation) [File not signed]
R3 winachsf; C:\WINDOWS.0\System32\DRIVERS\HSX_CNXT.sys [669696 2005-12-01] (Conexant Systems, Inc.) [File not signed]
R1 WmiAcpi; C:\WINDOWS.0\System32\DRIVERS\wmiacpi.sys [8832 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WpdUsb; C:\WINDOWS.0\System32\DRIVERS\wpdusb.sys [38528 2006-10-18] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS.0\System32\drivers\ws2ifsl.sys [12032 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WSTCODEC; C:\WINDOWS.0\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation) [File not signed]
R0 WudfPf; C:\WINDOWS.0\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS.0\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [14080 2001-08-17] (Microsoft Corporation) [File not signed]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; no ImagePath
S0 keaaycm; System32\drivers\clydnkby.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
U2 TMAgent; no ImagePath
U3 tmeevw; no ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-24 14:53 - 2015-12-24 14:54 - 00055480 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\FRST.txt
2015-12-24 14:52 - 2015-12-24 14:52 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\FRST-OlderVersion
2015-12-24 14:51 - 2015-12-24 14:52 - 01721856 _____ (Farbar) C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\FRST.exe
2015-12-22 18:22 - 2015-12-22 18:22 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\Old Firefox Data
2015-12-22 16:31 - 2015-12-22 16:31 - 00000218 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\recently-used.xbel
2015-12-22 16:14 - 2015-12-22 16:14 - 00000034 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\bitc number.txt
2015-12-21 20:28 - 2015-12-21 20:28 - 00032113 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\Addition.txt
2015-12-21 20:21 - 2015-12-21 20:20 - 01743360 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\adwcleaner_5.026.exe
2015-12-21 20:09 - 2015-12-24 14:53 - 00000000 ____D C:\FRST
2015-12-21 19:55 - 2015-12-21 19:55 - 00002003 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\SpyHunter.lnk
2015-12-21 19:55 - 2015-12-21 19:55 - 00000000 ____D C:\sh4ldr
2015-12-21 19:55 - 2015-12-21 19:55 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-12-21 19:55 - 2015-12-21 19:55 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Start Menu\Programs\SpyHunter
2015-12-21 19:54 - 2015-12-21 19:55 - 00000000 ____D C:\WINDOWS.0\CC1F6DA021D2425AB1B65B164A598450.TMP
2015-12-21 19:54 - 2015-12-21 19:54 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2015-12-21 19:06 - 2015-12-21 19:06 - 00019984 _____ C:\WINDOWS.0\system32\Drivers\EsgScanner.sys
2015-12-16 20:27 - 2015-12-16 20:27 - 00090112 _____ C:\WINDOWS.0\Minidump\Mini121615-01.dmp
2015-12-16 15:50 - 2015-12-16 15:58 - 00000637 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\Start Emsisoft Emergency Kit.lnk
2015-12-16 15:49 - 2015-12-16 16:00 - 00000000 ____D C:\EEK
2015-12-16 14:42 - 2015-12-16 15:49 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Malwarebytes
2015-12-16 14:42 - 2015-12-16 15:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2015-12-16 11:50 - 2015-12-21 20:22 - 00000000 ____D C:\AdwCleaner
2015-12-13 23:58 - 2015-12-13 23:58 - 00000218 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\.swfinfo
2015-12-13 23:55 - 2015-12-13 23:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\TubeDigger
2015-12-13 23:55 - 2015-12-13 23:55 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\TubeDigger
2015-12-13 22:58 - 2015-12-13 23:55 - 00000000 ____D C:\Program Files\TubeDigger
2015-12-13 20:43 - 2015-12-13 20:43 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\StreamingStar
2015-12-13 20:37 - 2015-12-13 20:37 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\livestreamer
2015-12-13 20:20 - 2015-12-13 20:20 - 00384938 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\CBV_2p647.swf
2015-12-13 19:07 - 2015-12-13 22:40 - 00000000 ____D C:\Program Files\Hulu Downloader
2015-12-13 18:43 - 2015-12-13 18:48 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Replay Media Catcher 6
2015-12-13 18:40 - 2015-12-13 18:41 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Replay Media Catcher 6
2015-12-13 18:39 - 2015-12-13 18:40 - 00000954 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Replay Media Catcher 6.lnk
2015-12-13 18:20 - 2015-12-13 18:20 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Tiffen
2015-12-13 17:57 - 2015-12-13 17:57 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\Applian
2015-12-11 20:51 - 2015-12-11 20:51 - 00000732 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\Tiffen Dfx v3.0.lnk
2015-12-11 20:51 - 2015-12-11 20:51 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Start Menu\Programs\Tiffen
2015-12-11 20:51 - 2015-12-11 20:51 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Tiffen
2015-12-11 20:51 - 2015-12-11 20:51 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Tiffen
2015-12-11 20:50 - 2015-12-11 20:50 - 00000000 ____D C:\Program Files\Tiffen
2015-12-11 13:49 - 2015-12-12 20:42 - 00000295 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\feedback.txt
2015-12-08 01:54 - 2015-12-08 01:54 - 00004137 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\JRT.txt
2015-12-08 01:43 - 2015-12-08 01:43 - 00000354 _____ C:\AdwCleaner[S2].txt
2015-12-06 14:00 - 2015-12-07 16:53 - 00000074 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\aliexpress tracks.txt
2015-12-05 00:58 - 2015-12-22 16:37 - 00170200 _____ (Malwarebytes) C:\WINDOWS.0\system32\Drivers\mbamswissarmy.sys
2015-12-05 00:58 - 2015-12-05 00:58 - 00000354 _____ C:\AdwCleaner[S6].txt
2015-12-05 00:57 - 2015-12-16 15:49 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-05 00:57 - 2015-12-16 15:49 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-05 00:57 - 2015-12-16 15:49 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-05 00:57 - 2015-12-05 00:57 - 00000777 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-05 00:57 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS.0\system32\Drivers\mbamchameleon.sys
2015-12-05 00:57 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS.0\system32\Drivers\mbam.sys
2015-12-05 00:56 - 2015-12-05 00:56 - 00000354 _____ C:\AdwCleaner[S5].txt
2015-12-05 00:18 - 2015-12-05 00:19 - 00001308 _____ C:\DelFix.txt
2015-12-04 23:38 - 2015-12-04 23:38 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\XMedia Recode
2015-12-04 23:38 - 2015-12-04 23:38 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\XMedia Recode
2015-12-04 18:24 - 2015-12-04 18:24 - 00000000 ____D C:\Program Files\Common Files\iSkysoft
2015-12-04 18:24 - 2015-12-04 18:24 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\iSkysoft
2015-12-04 18:23 - 2015-12-05 00:32 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\iSkysoft DVD Creator
2015-12-04 18:16 - 2015-12-04 18:18 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\1click dvd copy pro
2015-12-04 18:16 - 2015-12-04 18:18 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\1click dvd copy pro
2015-12-04 18:03 - 2015-12-04 18:03 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\ZJMedia
2015-12-04 18:01 - 2015-12-04 18:01 - 00000000 ____D C:\Program Files\ZJMedia
2015-12-04 16:59 - 2015-12-04 16:59 - 00000000 ____D C:\Program Files\Cheetah Burner
2015-12-04 16:59 - 2015-12-04 16:59 - 00000000 ____D C:\Documents and Settings\TONY~1~TON\LOCALS~1
2015-12-04 16:59 - 2015-12-04 16:59 - 00000000 ____D C:\Documents and Settings\TONY~1~TON
2015-12-04 16:59 - 1998-06-18 01:00 - 00089360 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\VB5DB.DLL
2015-11-30 02:39 - 2015-11-30 02:39 - 00016840 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\1177470 - Astrill Systems Corp._ BitPay Invoice.html
2015-11-30 02:39 - 2015-11-30 02:39 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\1177470 - Astrill Systems Corp._ BitPay Invoice_files
2015-11-28 23:23 - 2015-12-23 18:55 - 00304640 ___SH C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\Thumbs.db
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-24 14:55 - 2014-08-02 07:06 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Temp
2015-12-24 14:54 - 2014-08-01 23:23 - 00000000 ____D C:\WINDOWS.0\Temp
2015-12-24 14:52 - 2013-11-09 14:37 - 00000000 ____D C:\WINDOWS
2015-12-24 14:50 - 2014-08-02 07:10 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\DMCache
2015-12-24 14:49 - 2014-08-01 21:55 - 00000886 _____ C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-24 14:03 - 2015-10-26 12:25 - 00000834 _____ C:\WINDOWS.0\Tasks\Adobe Flash Player Updater.job
2015-12-24 12:49 - 2014-08-01 21:55 - 00000882 _____ C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-24 12:35 - 2014-08-01 23:34 - 00560262 _____ C:\WINDOWS.0\system32\PerfStringBackup.INI
2015-12-24 12:35 - 2014-08-01 23:23 - 00000000 ____D C:\WINDOWS.0\system32
2015-12-24 12:31 - 2014-12-14 22:27 - 00005370 _____ C:\WINDOWS.0\system32\ASProxy.ini
2015-12-24 12:31 - 2014-12-14 22:27 - 00003508 _____ C:\WINDOWS.0\system32\ASProxyOff.ini
2015-12-24 12:30 - 2014-08-02 07:05 - 00000006 ____H C:\WINDOWS.0\Tasks\SA.DAT
2015-12-24 12:30 - 2014-08-01 23:23 - 00000000 ____D C:\WINDOWS.0
2015-12-24 01:46 - 2014-08-02 07:05 - 00032486 _____ C:\WINDOWS.0\SchedLgU.Txt
2015-12-23 18:58 - 2014-10-08 20:02 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\MultiBit
2015-12-23 18:57 - 2015-10-20 18:00 - 00000151 _____ C:\WINDOWS.0\PhotoSnapViewer.INI
2015-12-23 18:56 - 2015-06-10 23:38 - 00001456 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2015-12-23 05:19 - 2015-02-05 21:50 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Skype
2015-12-23 02:41 - 2015-10-18 16:33 - 00000116 _____ C:\WINDOWS.0\NeroDigital.ini
2015-12-23 02:41 - 2014-08-01 20:55 - 00034816 ____C C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-22 17:05 - 2015-07-04 19:54 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\FLV and Media Player
2015-12-22 16:31 - 2015-04-21 15:02 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\midori
2015-12-22 15:53 - 2014-09-28 01:18 - 00000000 ____D C:\Program Files\Andy
2015-12-21 19:57 - 2013-11-09 23:16 - 00001611 _____ C:\Documents and Settings\Tony\Start Menu\Programs\Remote Assistance.lnk
2015-12-21 19:40 - 2014-02-19 21:40 - 00001611 _____ C:\Documents and Settings\Nest\Start Menu\Programs\Remote Assistance.lnk
2015-12-21 19:40 - 2013-11-28 16:15 - 00001611 _____ C:\Documents and Settings\Guest\Start Menu\Programs\Remote Assistance.lnk
2015-12-21 19:40 - 2013-11-09 23:07 - 00001611 _____ C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2015-12-21 19:09 - 2014-08-01 23:23 - 00000000 ___HD C:\WINDOWS.0\inf
2015-12-21 18:32 - 2008-04-14 14:30 - 00002206 _____ C:\WINDOWS.0\system32\wpa.dbl
2015-12-21 07:28 - 2014-08-19 03:56 - 00526542 ____C C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-776561741-1343024091-1606980848-1003-0.dat
2015-12-21 07:28 - 2014-08-19 03:56 - 00117214 ____C C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-12-19 00:06 - 2014-08-02 07:40 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\ManyCam
2015-12-18 21:20 - 2014-08-11 19:37 - 00502328 __SHC C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\Thumbs.db
2015-12-18 18:54 - 2014-08-02 07:06 - 00000000 ___RD C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents
2015-12-17 04:00 - 2014-08-01 22:04 - 00001813 _____ C:\Documents and Settings\All Users.WINDOWS.0\Desktop\Google Chrome.lnk
2015-12-16 20:27 - 2014-08-22 23:22 - 00000000 ____D C:\WINDOWS.0\Minidump
2015-12-16 16:02 - 2014-08-02 07:38 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\ICQ
2015-12-16 14:42 - 2014-11-14 23:46 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2015-12-16 14:42 - 2014-11-14 23:46 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2015-12-16 12:23 - 2014-09-13 11:23 - 00000586 _____ C:\WINDOWS.0\Tasks\VerifiedVPN_NMDInUseCheck.job
2015-12-15 15:22 - 2014-09-27 19:40 - 00007680 __SHC C:\WINDOWS.0\Thumbs.db
2015-12-15 00:50 - 2013-11-20 21:40 - 00000000 ____D C:\Program Files\WS_FTP
2015-12-15 00:40 - 2015-06-19 17:06 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\lol
2015-12-15 00:22 - 2015-08-06 16:46 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\Psiphon3
2015-12-13 23:58 - 2014-08-02 07:06 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C
2015-12-13 20:38 - 2015-06-26 16:25 - 00000000 ___RD C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\My Videos
2015-12-13 19:07 - 2014-12-28 00:28 - 00377344 _____ (Trend Micro Inc.) C:\WINDOWS.0\RegBootClean.exe
2015-12-13 18:39 - 2015-01-21 01:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Applian Technologies
2015-12-13 18:39 - 2015-01-21 01:34 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Applian Technologies
2015-12-13 18:05 - 2015-01-21 01:34 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Jaksta_Technologies_Pty_L
2015-12-13 18:05 - 2015-01-21 01:32 - 00000000 ____D C:\Program Files\Applian Technologies
2015-12-13 12:09 - 2014-08-02 07:20 - 00000000 ____D C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\Bluetooth Exchange Folder
2015-12-11 16:04 - 2008-04-14 14:30 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS.0\system32\FlashPlayerApp.exe
2015-12-11 16:04 - 2008-04-14 14:30 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS.0\system32\FlashPlayerCPLApp.cpl
2015-12-11 12:59 - 2015-06-09 14:29 - 00000010 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\sponge.last.runtime.cache
2015-12-10 03:00 - 2012-10-10 21:15 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS.0\system32\mrt.exe
2015-12-08 15:00 - 2015-02-07 14:53 - 00000218 _____ C:\WINDOWS.0\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-12-05 01:37 - 2014-11-14 23:50 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\HitmanPro
2015-12-05 01:37 - 2014-11-14 23:50 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\HitmanPro
2015-12-05 01:19 - 2015-05-03 03:02 - 00000000 ____D C:\WINDOWS.0\system32\MRT
2015-12-04 23:38 - 2015-10-17 14:23 - 00000000 ____D C:\Program Files\XMedia Recode
2015-12-04 19:00 - 2015-10-17 20:24 - 00000618 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\burnaware.ini
2015-12-04 18:21 - 2013-11-10 03:07 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-12-04 17:00 - 2014-07-18 20:58 - 00000000 ____D C:\temp
2015-12-04 16:59 - 2013-11-09 14:55 - 00000000 ____D C:\Documents and Settings
2015-12-01 02:35 - 2015-08-16 17:20 - 00000702 _____ C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\email.txt
2015-11-26 13:01 - 2014-08-02 07:13 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Dell Accessories
2015-11-26 13:01 - 2014-08-02 07:13 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Dell Accessories
2015-11-25 19:09 - 2015-10-18 22:51 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Aiseesoft Studio
2015-11-25 19:09 - 2015-10-18 22:51 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Aiseesoft Studio
2015-11-25 19:08 - 2015-10-18 22:51 - 00000000 ____D C:\Program Files\Aiseesoft Studio
2015-11-25 19:03 - 2015-07-03 21:31 - 00000000 ____D C:\Program Files\NCH Software
2015-11-25 19:03 - 2015-07-03 21:31 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NCH Software
2015-11-25 19:03 - 2015-07-03 21:31 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NCH Software
2015-11-25 19:01 - 2015-11-03 19:23 - 00000000 ____D C:\Program Files\Easy GIF Animator
2015-11-25 19:01 - 2015-10-26 18:09 - 00000000 ____D C:\Program Files\Hanso Burner
2015-11-25 19:00 - 2015-11-04 18:26 - 00000000 ____D C:\Program Files\Aegisub
2015-11-24 23:00 - 2014-08-01 20:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Trend Micro
2015-11-24 23:00 - 2014-08-01 20:53 - 00000000 ____D C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Trend Micro
2015-11-24 19:42 - 2014-08-02 07:06 - 00000000 ___RD C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\My Pictures
 
==================== Files in the root of some directories =======
 
2015-10-17 20:24 - 2015-12-04 19:00 - 0000618 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\burnaware.ini
2015-10-18 18:20 - 2015-10-19 13:47 - 0087608 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\inst.exe
2015-10-18 18:20 - 2015-10-19 13:47 - 0007887 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\pcouffin.cat
2015-10-18 18:20 - 2015-10-19 13:47 - 0001144 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\pcouffin.inf
2015-10-18 18:21 - 2015-10-19 13:47 - 0000055 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\pcouffin.log
2015-10-18 18:20 - 2015-10-19 13:47 - 0047360 _____ (VSO Software) C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\pcouffin.sys
2015-06-10 23:38 - 2015-12-23 18:56 - 0001456 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
2012-05-03 14:42 - 2012-05-03 14:42 - 0000532 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\datos.txt
2014-08-01 20:55 - 2015-12-23 02:41 - 0034816 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-01 01:25 - 2015-02-01 01:25 - 0000036 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\housecall.guid.cache
2014-02-05 23:38 - 2014-02-05 23:38 - 0193744 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\lateral1.bmp
2010-11-12 12:40 - 2010-11-12 12:40 - 0193744 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\lateral2.bmp
2014-02-05 23:40 - 2014-02-05 23:40 - 0195108 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\lateral3.bmp
2014-08-23 16:02 - 2015-07-13 21:47 - 0000600 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\PUTTY.RND
2015-12-22 16:31 - 2015-12-22 16:31 - 0000218 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\recently-used.xbel
2014-02-06 01:20 - 2014-02-06 01:20 - 0043976 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\save_en.bmp
2014-02-06 01:19 - 2014-02-06 01:19 - 0043976 ____C () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\save_es.bmp
2015-06-09 14:29 - 2015-12-11 12:59 - 0000010 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\sponge.last.runtime.cache
2014-08-06 04:42 - 2014-08-06 04:42 - 0000004 ___HC () C:\Documents and Settings\All Users.WINDOWS.0\Application Data\QSLLPSVCShare
 
Some files in TEMP:
====================
C:\Documents and Settings\Tony\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS.0\explorer.exe
[2012-10-10 21:13] - [2012-10-10 21:13] - 1033728 ____A (Microsoft Corporation) 2BB75B7F548D82A099125D0C5971DE7D
 
C:\WINDOWS.0\system32\winlogon.exe
[2012-10-10 21:15] - [2012-10-10 21:15] - 0509440 ____A (Microsoft Corporation) 53A8857723277B1D6D5EE60A9F85B117
 
C:\WINDOWS.0\system32\svchost.exe => MD5 is legit
C:\WINDOWS.0\system32\services.exe
[2012-10-10 21:14] - [2012-10-10 21:14] - 0110592 ____A (Microsoft Corporation) C519E15665CD89A91AD383FCE3CB556A
 
C:\WINDOWS.0\system32\User32.dll => MD5 is legit
C:\WINDOWS.0\system32\userinit.exe => MD5 is legit
C:\WINDOWS.0\system32\rpcss.dll => MD5 is legit
C:\WINDOWS.0\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS.0\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-12-2015
Ran by tony (2015-12-24 14:55:58)
Running from C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2014-08-02 03:33:45)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-776561741-1343024091-1606980848-500 - Administrator - Enabled)
Guest (S-1-5-21-776561741-1343024091-1606980848-501 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Guest.TONY-B4DA82999C
HelpAssistant (S-1-5-21-776561741-1343024091-1606980848-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-776561741-1343024091-1606980848-1002 - Limited - Disabled)
tony (S-1-5-21-776561741-1343024091-1606980848-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\tony.TONY-B4DA82999C
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Internet Security (Disabled - Up to date) {7D2296BC-32CC-4519-917E-52E652474AF5}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM\...\uTorrent) (Version: 2.2.0 - )
µTorrent (HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
ACDSee 8 (HKLM\...\{AE80641A-0C8D-4670-A518-B4EC154B1027}) (Version: 8.0.39 - ACD Systems Ltd.)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
ADSL MODEM USB Driver (HKLM\...\{724D7BEE-883D-452E-B8DA-26E88343CAE9}) (Version:  - )
Advanced DHTML Popup Pro (HKLM\...\{C3F69D4F-81ED-43E3-8690-42DEE3A46487}) (Version: 2.44.0160 - Digital Flow Software)
Applian FLV Player (HKLM\...\Applian FLV Player2.0.24) (Version: 2.0.24 - Applian Technologies Inc.)
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version:  - Astrill)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
BitRope Sharing (HKLM\...\BitRope Sharing) (Version: 2.7.0.0 - BitRope LLC)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}) (Version: 8.06.11 - Broadcom Corporation)
calibre (HKLM\...\{DD649DA2-BBD9-4247-85DD-E04F7C1E8552}) (Version: 1.48.0 - Kovid Goyal)
Conexant HDA D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3) (Version:  - )
CPROXY 1.2 (HKLM\...\CPROXY_is1) (Version:  - )
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.80.28.5 - Dell Inc.)
Dfx (HKLM\...\Tiffen-Dfx 3.0) (Version: 3.0 - Tiffen)
E.M. Total Video Player 1.31 (HKLM\...\E.M. Total Video Player 1.31_is1) (Version:  - EffectMatrix Inc.)
FLV and Media Player 4.2.1.1 (HKLM\...\FLV and Media Player) (Version: 4.2.1.1 - Applian Technologies)
FLV to AVI (HKLM\...\{64678DB1-3475-4674-80AD-4C07C4295A9B}_is1) (Version:  - www.flvtoavi.com)
FreeCap version 3.18 (HKLM\...\FreeCap_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4446 - )
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - )
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Logitech QuickCam (HKLM\...\{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}) (Version: 6.01.0000 - Logitech, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManyCam 4.1.1 (HKLM\...\ManyCam) (Version: 4.1.1 - Visicom Media Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Midori 0.5.9 (HKLM\...\Midori) (Version: 0.5.9 - Christian Dywan)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 3.01 - BVRP Software)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MultiBit 0.5.15 (HKLM\...\MultiBit 0.5.15) (Version: 0.5.15 - )
MySQL-to-CSV version 1.1.0.1 (HKLM\...\MySQL-to-CSV_is1) (Version: 1.1.0.1 - Intelligent Converters)
Nero 7 Demo (HKLM\...\{C93369CB-B4E9-E095-9289-E6B5AE941033}) (Version: 7.00.2734 - Nero AG)
Oracle VM VirtualBox 4.3.12 (HKLM\...\{D90E08B8-E7BB-4D29-8249-8670D4CC24BD}) (Version: 4.3.12 - Oracle Corporation)
QuickSet (HKLM\...\{C5074CC4-0E26-4716-A307-960272A90040}) (Version: 7.1.12 - )
Replay Media Catcher 5 (5.0.1.54) (HKLM\...\Replay Media Catcher 5) (Version: 5.0.1.54 - Applian Technologies)
Replay Media Catcher 6 (6.0.0.66) (HKLM\...\Replay Media Catcher 6) (Version: 6.0.0.66 - Applian Technologies)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11042_8 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.0.0.11042_8 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4803.0 - SigmaTel)
Skype™ 7.12 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{2B7B47E1-B482-4D3A-ABFD-2FF8E077ECA6}) (Version: 4.0.1048.0 - SmartSoft Ltd.)
SmartFTP Client 4.0 Setup Files (remove only) (HKLM\...\SmartFTP Client 4.0 Setup Files) (Version: 4.0 - SmartSoft Ltd)
Smilebox (HKU\S-1-5-21-776561741-1343024091-1606980848-1003\...\Smilebox) (Version: 1.0.0.29190 - Smilebox, Inc.)
SpyHunter (HKLM\...\{CC1F6DA0-21D2-425A-B1B6-5B164A598450}) (Version: 4.9.12.4023 - Enigma Software Group USA, LLC)
Subtitle Edit 3.4.10 (HKLM\...\SubtitleEdit_is1) (Version: 3.4.10.1 - Nikse)
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 8.0 - Trend Micro Inc.)
Trend Micro Titanium (Version: 8.0 - Trend Micro Inc.) Hidden
TubeDigger 4.3.1 (HKLM\...\{1E3745C1-674D-4B2E-B8F7-3F4088950ED7}_is1) (Version: 4.3.1 - TubeDigger)
VSO ConvertXToDVD (HKLM\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.3.0.30 - VSO Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{3F4EC965-28EF-45C3-B063-04B25D4E9679}) (Version: 5.0.1.2609 - Dell)
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) (HKLM\...\3635FC5A3FE7DACCEF2123BDBDA808BA811B977B) (Version: 07/09/2005 1.00.01.12 - Ricoh Company)
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) (HKLM\...\F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7) (Version: 07/14/2005 1.00.00.06 - Ricoh Company)
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) (HKLM\...\452416B030C25BAA383F3DA368FECD5D48FAE727) (Version: 07/14/2005 1.00.02.04 - Ricoh Company)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (HKLM\...\KB952011) (Version: 1.0 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Wondershare DVD Slideshow Builder Deluxe(Build 6.2.0.0) (HKLM\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.2.0.0 - Wondershare Software Co.,Ltd.)
XMedia Recode version 3.2.6.6 (HKLM\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.6.6 - XMedia Recode)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-776561741-1343024091-1606980848-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-776561741-1343024091-1606980848-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-776561741-1343024091-1606980848-1003_Classes\CLSID\{6ebec176-0bb1-52a8-b1ac-058bc2d35420}\InprocServer32 -> C:\Program Files\Wondershare\Fantashow Plus\npFantashowPlugin.dll => No File
CustomCLSID: HKU\S-1-5-21-776561741-1343024091-1606980848-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-776561741-1343024091-1606980848-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-776561741-1343024091-1606980848-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
CustomCLSID: HKU\S-1-5-21-776561741-1343024091-1606980848-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll (EasyBits Media AS)
 
==================== Restore Points =========================
 
26-11-2015 14:57:25 System Checkpoint
27-11-2015 15:42:51 System Checkpoint
28-11-2015 18:45:07 System Checkpoint
30-11-2015 14:00:56 System Checkpoint
01-12-2015 14:28:32 System Checkpoint
02-12-2015 15:33:00 System Checkpoint
03-12-2015 16:49:06 System Checkpoint
04-12-2015 18:15:56 Installed 1CLICK DVD COPY PRO
04-12-2015 18:26:46 Installed Windows XP --  Software Updates KB952011.
05-12-2015 00:34:05 Software Distribution Service 3.0
05-12-2015 01:35:11 Checkpoint by HitmanPro
05-12-2015 01:36:40 Checkpoint by HitmanPro
06-12-2015 01:57:32 System Checkpoint
07-12-2015 17:21:04 System Checkpoint
08-12-2015 01:48:32 JRT Pre-Junkware Removal
09-12-2015 13:54:08 System Checkpoint
10-12-2015 03:00:21 Software Distribution Service 3.0
11-12-2015 12:26:52 System Checkpoint
12-12-2015 16:43:30 System Checkpoint
13-12-2015 16:58:28 System Checkpoint
14-12-2015 17:14:39 System Checkpoint
15-12-2015 17:23:16 System Checkpoint
17-12-2015 13:01:20 System Checkpoint
18-12-2015 17:31:28 System Checkpoint
19-12-2015 17:31:44 System Checkpoint
20-12-2015 18:17:55 System Checkpoint
21-12-2015 19:55:01 Installed SpyHunter
22-12-2015 21:17:39 System Checkpoint
23-12-2015 21:58:39 System Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2008-04-14 14:30 - 2008-04-14 14:30 - 00000734 ____N C:\WINDOWS.0\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS.0\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS.0\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS.0\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS.0\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS.0\system32\xp_eos.exe
Task: C:\WINDOWS.0\Tasks\VerifiedVPN_NMDInUseCheck.job => C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\VerifiedVPN\NMD\uninstall.exeF/U C:\DOCUME~1\TONY~1.TON\APPLIC~1\VERIFI~1\NMD\UNINST~1\UNINST~1.XML
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Midori\Website.lnk -> C:\Program Files\Midori\bin\midori.exe () -> hxxp://www.midori-browser.org
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-11-10 03:09 - 2006-06-23 04:18 - 00020992 _____ () C:\WINDOWS.0\System32\WLTRYSVC.EXE
2013-11-10 03:09 - 2006-06-23 04:17 - 00761856 _____ () C:\WINDOWS.0\System32\bcm1xsup.dll
2006-05-25 05:59 - 2006-05-25 05:59 - 00053248 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2013-11-10 03:16 - 2006-08-04 06:22 - 00073728 _____ () C:\Program Files\Dell\QuickSet\dadkeyb.dll
2013-12-30 00:06 - 2009-08-17 03:36 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2013-11-10 03:16 - 2005-10-14 01:23 - 00090223 _____ () C:\Program Files\Dell\QuickSet\preflibcl.dll
2013-11-10 03:09 - 2006-06-23 04:18 - 00086016 _____ () C:\WINDOWS.0\system32\preflib.dll
2015-02-01 01:31 - 2015-05-04 09:53 - 00040960 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2015-02-01 01:31 - 2015-05-04 09:53 - 00016896 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2015-06-26 21:00 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-06-26 21:00 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-12-04 18:24 - 2014-04-04 11:29 - 00371712 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-12-04 18:24 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-02-07 14:41 - 2015-02-07 14:41 - 01974784 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\Kies.UI\1b561d212eec4dc495dad3e2445be7ca\Kies.UI.ni.dll
2015-02-07 14:41 - 2015-02-07 14:41 - 00079360 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\78e6d12bb29d96da01a4d022efd4db0b\Kies.MVVM.ni.dll
2015-02-07 14:41 - 2015-02-07 14:41 - 00189952 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a303b5246ef637ae0839460c1cfc2023\Kies.Common.DeviceServiceLib.Interface.ni.dll
2015-02-07 14:44 - 2015-02-07 14:44 - 00367616 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\DevicePhoto\c0c551c90f572e29e6d344478f075752\DevicePhoto.ni.dll
2015-02-07 14:44 - 2015-02-07 14:44 - 00301568 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\DeviceVideo\602b994d44a0d2ced9e856a5722d910a\DeviceVideo.ni.dll
2015-02-07 14:44 - 2015-02-07 14:44 - 00616448 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\DevicePodcast\a9627ee8a0d8ae9cc09e6b3fb3c3c779\DevicePodcast.ni.dll
2015-02-07 14:44 - 2015-02-07 14:44 - 00307200 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\6418c0aa0dccccaba2ec03b548d00579\DummyStorePlugin.ni.dll
2015-02-07 14:44 - 2015-02-07 14:44 - 14994944 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\Kies.Theme\267b7f6cbf6e9ef12c7982cb7729d2d0\Kies.Theme.ni.dll
2015-02-07 14:43 - 2015-02-07 14:43 - 00582656 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5f7745a7087b34471b8227278d96eff2\Kies.Common.DeviceServiceLib.FileService.ni.dll
2015-02-07 14:42 - 2015-02-07 14:42 - 00046592 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7e36d39b4bdf2949d22719a5f9f43b3e\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2015-02-07 14:43 - 2015-02-07 14:43 - 01004544 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\6ecc28a90aee58f6728d99dce9eeb7c3\DeviceCommonLib.ni.dll
2015-02-07 14:43 - 2015-02-07 14:43 - 00232960 _____ () C:\WINDOWS.0\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\27af83e8dc27ee77fd22031801f3c5f1\ASF_cSharpAPI.ni.dll
2015-02-01 01:27 - 2013-01-16 05:20 - 00039424 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_49.dll
2015-02-01 01:27 - 2014-07-01 13:49 - 00542720 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll
2015-02-01 01:27 - 2013-01-16 05:25 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_49.dll
2015-02-01 01:27 - 2012-12-18 23:34 - 01098240 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll
2015-02-01 01:27 - 2013-01-16 05:20 - 00016896 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_49.dll
2015-02-01 01:31 - 2015-05-04 09:53 - 00072192 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2008-04-14 14:30 - 2008-04-14 14:30 - 00059904 _____ () C:\WINDOWS.0\system32\devenum.dll
2008-04-14 14:30 - 2008-04-14 14:30 - 00014336 _____ () C:\WINDOWS.0\system32\msdmo.dll
2014-08-01 22:28 - 2014-02-11 00:14 - 04592128 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-08-01 22:28 - 2014-02-11 00:14 - 00112128 _____ () C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-12-17 04:00 - 2015-12-11 07:24 - 16573256 _____ () C:\Program Files\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:BF3D62E7
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:BF3D62E7
AlternateDataStreams: C:\Documents and Settings\tony.TONY-B4DA82999C\MediaFire:mf_x
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ASProxy => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.1 - 46.143.233.2
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\ICQ7.2\ICQ.exe] => Enabled:ICQ7.2
DomainProfile\AuthorizedApplications: [C:\Program Files\ICQ7.2\aolload.exe] => Enabled:aolload.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\ICQ7.2\ICQ.exe] => Enabled:ICQ7.2
StandardProfile\AuthorizedApplications: [C:\Program Files\ICQ7.2\aolload.exe] => Enabled:aolload.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\www.cproxy.com\CPROXY.exe] => Enabled:Accelerator CPROXY.com
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\WS_FTP\WS_FTP95.exe] => Enabled:WS_FTP 95
StandardProfile\AuthorizedApplications: [C:\WINDOWS.0\system32\muzapp.exe] => Enabled:MUZ AOD APP player
StandardProfile\AuthorizedApplications: [C:\Program Files\Rynga.com\Rynga\Rynga.exe] => Enabled:Client to make VoIP calls.
StandardProfile\AuthorizedApplications: [C:\Program Files\SmartFTP Client\SmartFTP.exe] => Enabled:SmartFTP Client 4.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Super Network Tunnel\TunnelClient_Portable.exe] => Enabled:UI-TunnelClient_Portable
StandardProfile\AuthorizedApplications: [C:\Program Files\Super Network Tunnel\TunnelServer.exe] => Enabled:UI-TunnelServer
StandardProfile\AuthorizedApplications: [C:\Program Files\Super Network Tunnel\TunnelClientService_Portable.exe] => Enabled:Network Tunnel Client Portable Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Super Network Tunnel\TunnelServerService.exe] => Enabled:Network Tunnel Server
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\uTorrent\uTorrent.exe] => Enabled:μTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 5\jrmcp.exe] => Enabled:Replay Media Catcher 5
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 5\jbp.exe] => Enabled:Replay Media Catcher 5 Guide Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 5\jwmpp.exe] => Enabled:Replay Media Catcher 5 Player Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 5\ffmpeg.exe] => Enabled:Replay Media Catcher 5 HLS Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 5\aria2c.exe] => Enabled:Replay Media Catcher 5 Torrent Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 5\qtCopy.exe] => Enabled:Replay Media Catcher 5 QT Module
StandardProfile\AuthorizedApplications: [C:\WINDOWS.0\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS.0\system32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Application Data\vghd\bin\VirtuaGirl_Downloader.exe] => Enabled:DLManager
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\Downloads\Programs\video convertor\Wondershare.Video.Converter.Ultimate.8.0.5.1.Portable\App\local\stubexe\0x22EFD21A3809460C\DSCheck.exe] => Enabled:DSCheck
StandardProfile\AuthorizedApplications: [C:\Program Files\GigaTribe\gigatribe.exe] => Enabled:Gigatribe
StandardProfile\AuthorizedApplications: [C:\Program Files\BitRope Sharing\BitRope Sharing.exe] => Enabled:BitRope Sharing
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 6\jrmcp.exe] => Enabled:Replay Media Catcher 6
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 6\jbp.exe] => Enabled:Replay Media Catcher 6 DVR Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 6\ffmpeg.exe] => Enabled:Replay Media Catcher 6 HLS Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 6\dl.exe] => Enabled:Replay Media Catcher 6 DL Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 6\aria2c.exe] => Enabled:Replay Media Catcher 6 Torrent Module
StandardProfile\AuthorizedApplications: [C:\Program Files\Applian Technologies\Replay Media Catcher 6\qtCopy.exe] => Enabled:Replay Media Catcher 6 QT Module
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/21/2015 07:44:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application adwcleaner (4).exe, version 5.0.2.5, faulting module adwcleaner (4).exe, version 5.0.2.5, fault address 0x000211de.
Processing media-specific event for [adwcleaner (4).exe!ws!]
 
Error: (12/21/2015 07:42:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application adwcleaner (3).exe, version 5.0.2.5, faulting module adwcleaner (3).exe, version 5.0.2.5, fault address 0x000211de.
Processing media-specific event for [adwcleaner (3).exe!ws!]
 
Error: (12/16/2015 11:45:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application adwcleaner (3).exe, version 5.0.2.5, faulting module adwcleaner (3).exe, version 5.0.2.5, fault address 0x000211de.
Processing media-specific event for [adwcleaner (3).exe!ws!]
 
Error: (12/16/2015 11:45:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application adwcleaner (4).exe, version 5.0.2.5, faulting module adwcleaner (4).exe, version 5.0.2.5, fault address 0x000211de.
Processing media-specific event for [adwcleaner (4).exe!ws!]
 
Error: (12/16/2015 11:44:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application adwcleaner (3).exe, version 5.0.2.5, faulting module adwcleaner (3).exe, version 5.0.2.5, fault address 0x000211de.
Processing media-specific event for [adwcleaner (3).exe!ws!]
 
Error: (12/13/2015 11:45:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (12/13/2015 11:11:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (12/13/2015 11:10:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (12/13/2015 11:10:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
Error: (12/13/2015 10:54:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]
 
 
System errors:
=============
Error: (12/24/2015 12:30:17 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001EE31BADFF has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/24/2015 01:05:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/22/2015 02:12:55 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001EE31BADFF has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/21/2015 06:33:57 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 198.18.49.209 for the Network Card with network address 00FF65DD337A has been
denied by the DHCP server 198.18.15.254 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/21/2015 06:09:09 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 198.18.0.96 for the Network Card with network address 00FF65DD337A has been
denied by the DHCP server 198.18.63.254 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/21/2015 04:57:49 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 198.18.17.181 for the Network Card with network address 00FF65DD337A has been
denied by the DHCP server 198.18.15.254 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/20/2015 01:51:59 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.2 for the Network Card with network address 001EE31BADFF has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/16/2015 12:05:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (12/16/2015 11:40:19 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 198.18.32.24 for the Network Card with network address 00FF65DD337A has been
denied by the DHCP server 198.18.31.254 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/16/2015 04:15:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ Duo CPU T2350 @ 1.86GHz
Percentage of memory in use: 74%
Total physical RAM: 2550.37 MB
Available physical RAM: 662.85 MB
Total Virtual: 3149.68 MB
Available Virtual: 1123.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:80.56 GB) (Free:4.19 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:50.24 GB) (Free:45.4 GB) NTFS
Drive e: () (Fixed) (Total:50.31 GB) (Free:39.34 GB) NTFS
Drive f: (Small) (Fixed) (Total:1.5 GB) (Free:1.45 GB) NTFS
Drive g: () (Fixed) (Total:50.27 GB) (Free:46.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: AA1AAA1A)
Partition 1: (Active) - (Size=80.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=152.3 GB) - (Type=05)
 
==================== End of Addition.txt ============================

 




#6 Oh My!

  • Malware Response Instructor

Posted 24 December 2015 - 03:54 PM

Nice to meet you as well.

Do you recognize this Internet Service Provider?

Iran, Islamic Republic Of Esfahan Mihan Communication Systems Co.ltd

Please consider and do this.

There is very little free space on your Operating System drive which will cause some performance issues:

Drive c: () (Fixed) (Total:80.56 GB) (Free:4.19 GB) NTFS ==>[drive with boot components (Windows XP)]

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-776561741-1343024091-1606980848-1003] => Proxy is enabled.
ProxyServer: [S-1-5-21-776561741-1343024091-1606980848-1003] => http=127.0.0.1:3213;https=127.0.0.1:3213
AutoConfigURL: [S-1-5-21-776561741-1343024091-1606980848-1003] => http=127.0.0.1:3213;https=127.0.0.1:3213
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\ICQ\ICQNewTab\newTab.html" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
FF Plugin HKU\S-1-5-21-776561741-1343024091-1606980848-1003: wondershare.com/FantashowPlugin -> C:\Program Files\Wondershare\Fantashow Plus\npFantashowPlugin.dll [No File]
S3 COMSysApp; C:\WINDOWS.0\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 SwPrv; C:\WINDOWS.0\system32\dllhost.exe /Processid:{017276A5-F41B-48CF-BB1E-FAB472D6E32B}
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; no ImagePath
S0 keaaycm; System32\drivers\clydnkby.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
U2 TMAgent; no ImagePath
U3 tmeevw; no ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
2015-12-21 19:54 - 2015-12-21 19:55 - 00000000 ____D C:\WINDOWS.0\CC1F6DA021D2425AB1B65B164A598450.TMP
C:\Documents and Settings\Tony\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-776561741-1343024091-1606980848-1003_Classes\CLSID\{6ebec176-0bb1-52a8-b1ac-058bc2d35420}\InprocServer32 -> C:\Program Files\Wondershare\Fantashow Plus\npFantashowPlugin.dll => No File
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:BF3D62E7
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:BF3D62E7
AlternateDataStreams: C:\Documents and Settings\tony.TONY-B4DA82999C\MediaFire:mf_x
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you recognize the Internet Service Provider?
  • Fixlog
  • RogueKiller log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 hatemalware2

  • Topic Starter


Posted 26 December 2015 - 07:17 AM

Hey Gary. Yes, I recognize it.

But about µTorrent, I don't use it much. Also, I don't mind copyright, because we don't have a law about it; at least this may be a positive point of living in my f*ing country, for saving money lol

About free space on the hard disk, how much should it be, Gary, and why? I freed 6G more; I dunno if that's enough or not.

Here are the logs:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:23-12-2015
Ran by tony (2015-12-25 19:42:13) Run:1
Running from C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop
Loaded Profiles: tony (Available Profiles: tony & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-776561741-1343024091-1606980848-1003] => Proxy is enabled.
ProxyServer: [S-1-5-21-776561741-1343024091-1606980848-1003] => http=127.0.0.1:3213;https=127.0.0.1:3213
AutoConfigURL: [S-1-5-21-776561741-1343024091-1606980848-1003] => http=127.0.0.1:3213;https=127.0.0.1:3213
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\ICQ\ICQNewTab\newTab.html" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
FF Plugin HKU\S-1-5-21-776561741-1343024091-1606980848-1003: wondershare.com/FantashowPlugin -> C:\Program Files\Wondershare\Fantashow Plus\npFantashowPlugin.dll [No File]
S3 COMSysApp; C:\WINDOWS.0\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 SwPrv; C:\WINDOWS.0\system32\dllhost.exe /Processid:{017276A5-F41B-48CF-BB1E-FAB472D6E32B}
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; no ImagePath
S0 keaaycm; System32\drivers\clydnkby.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
U2 TMAgent; no ImagePath
U3 tmeevw; no ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
2015-12-21 19:54 - 2015-12-21 19:55 - 00000000 ____D C:\WINDOWS.0\CC1F6DA021D2425AB1B65B164A598450.TMP
C:\Documents and Settings\Tony\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-776561741-1343024091-1606980848-1003_Classes\CLSID\{6ebec176-0bb1-52a8-b1ac-058bc2d35420}\InprocServer32 -> C:\Program Files\Wondershare\Fantashow Plus\npFantashowPlugin.dll => No File
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:BF3D62E7
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:BF3D62E7
AlternateDataStreams: C:\Documents and Settings\tony.TONY-B4DA82999C\MediaFire:mf_x
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
*****************

Restore point was successfully created.
Processes closed successfully.

RogueKiller V11.0.4.0 [Dec 20 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : tony [Administrator]
Started from : C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\RogueKiller.exe
Mode : Scan -- Date : 12/26/2015 15:41:14

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Applian Technologies -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:3213;https=127.0.0.1:3213 -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26E173B9-CC9C-42D2-B61F-AEA81FB9D986} | NameServer : 46.143.233.2,217.218.155.155 ([X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA8B353F-3BAE-488A-B9CB-2DE73DDCA328} | NameServer : 217.218.155.155 46.143.233.5 ([X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5FDD96F-CDA9-4093-BE6A-1CFB0964212F} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 ([-][-][-][-][-][-][X][X][X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{26E173B9-CC9C-42D2-B61F-AEA81FB9D986} | NameServer : 46.143.233.2,217.218.155.155 ([X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BA8B353F-3BAE-488A-B9CB-2DE73DDCA328} | NameServer : 217.218.155.155 46.143.233.5 ([X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D5FDD96F-CDA9-4093-BE6A-1CFB0964212F} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 ([-][-][-][-][-][-][X][X][X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{26E173B9-CC9C-42D2-B61F-AEA81FB9D986} | NameServer : 46.143.233.2,217.218.155.155 ([X][X]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D5FDD96F-CDA9-4093-BE6A-1CFB0964212F} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 ([-][-][-][-][-][-][X][X][X][X]) -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\VerifiedVPN_NMDInUseCheck.job -- C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\VerifiedVPN\NMD\uninstall.exe (/U:C:\DOCUME~1\TONY~1.TON\APPLIC~1\VERIFI~1\NMD\UNINST~1\UNINST~1.XML) -> Found

¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\Program Files\Applian Technologies -> Found
[PUP][Folder] C:\Program Files\FLV Player -> Found

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS.0\system32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 32 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] ZwAssignProcessToJobObject[19] : Unknown @ 0xffffffff89e5029c
[SSDT:Addr(Hook.SSDT)] ZwCreateKey[41] : Unknown @ 0xffffffff89e334d4
[SSDT:Addr(Hook.SSDT)] ZwCreateMutant[43] : Unknown @ 0xffffffff89e86634
[SSDT:Addr(Hook.SSDT)] ZwCreateProcess[47] : Unknown @ 0xffffffff899f91ac
[SSDT:Addr(Hook.SSDT)] ZwCreateProcessEx[48] : Unknown @ 0xffffffff899e77dc
[SSDT:Addr(Hook.SSDT)] ZwCreateSymbolicLinkObject[52] : Unknown @ 0xffffffff89e4ba3c
[SSDT:Addr(Hook.SSDT)] ZwCreateThread[53] : Unknown @ 0xffffffff89e4a504
[SSDT:Addr(Hook.SSDT)] ZwDebugActiveProcess[57] : Unknown @ 0xffffffff89e4e45c
[SSDT:Addr(Hook.SSDT)] ZwDeleteKey[63] : Unknown @ 0xffffffff89e84564
[SSDT:Addr(Hook.SSDT)] ZwDeleteValueKey[65] : Unknown @ 0xffffffff89e496cc
[SSDT:Addr(Hook.SSDT)] ZwDuplicateObject[68] : Unknown @ 0xffffffff89e87e14
[SSDT:Addr(Hook.SSDT)] ZwGetContextThread[85] : Unknown @ 0xffffffff89e89564
[SSDT:Addr(Hook.SSDT)] ZwLoadDriver[97] : Unknown @ 0xffffffff89e860dc
[SSDT:Addr(Hook.SSDT)] ZwMapViewOfSection[108] : Unknown @ 0xffffffff89e850ec
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[122] : Unknown @ 0xffffffff899ce224
[SSDT:Addr(Hook.SSDT)] ZwOpenSection[125] : Unknown @ 0xffffffff89e499e4
[SSDT:Addr(Hook.SSDT)] ZwOpenThread[128] : Unknown @ 0xffffffff899dc8cc
[SSDT:Addr(Hook.SSDT)] ZwProtectVirtualMemory[137] : Unknown @ 0xffffffff89e8b21c
[SSDT:Addr(Hook.SSDT)] ZwRenameKey[192] : Unknown @ 0xffffffff89e84a44
[SSDT:Addr(Hook.SSDT)] ZwRestoreKey[204] : Unknown @ 0xffffffff89e84db4
[SSDT:Addr(Hook.SSDT)] ZwResumeThread[206] : Unknown @ 0xffffffff89e4e2c4
[SSDT:Addr(Hook.SSDT)] ZwSetContextThread[213] : Unknown @ 0xffffffff89e89b24
[SSDT:Addr(Hook.SSDT)] ZwSetSystemInformation[240] : Unknown @ 0xffffffff89e890d4
[SSDT:Addr(Hook.SSDT)] ZwSetValueKey[247] : Unknown @ 0xffffffff89b03a2c
[SSDT:Addr(Hook.SSDT)] ZwSystemDebugControl[255] : Unknown @ 0xffffffff89e4f00c
[SSDT:Addr(Hook.SSDT)] ZwTerminateProcess[257] : Unknown @ 0xffffffff89c9041c
[SSDT:Addr(Hook.SSDT)] ZwTerminateThread[258] : Unknown @ 0xffffffff899f53d4
[SSDT:Addr(Hook.SSDT)] ZwWriteVirtualMemory[277] : Unknown @ 0xffffffff89e85c74
[ShwSSDT:Addr(Hook.Shadow)] NtUserCreateWindowEx[343] : Unknown @ 0xffffffff88e8c404
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookAW[548] : Unknown @ 0xffffffff88e84ea4
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : Unknown @ 0xffffffff89903f7c
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_READ[3] : Unknown @ 0xffffffff89e32b70

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 2c4799f3a87051331eb732f265067b74
[BSP] 6e85e34fa38563b89d55622c2eee8486 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) 
[VISIBLE] Offset (sectors): 63 | Size: 82497 MB [Windows XP Bootstrap | Windows XP Bootloader] 1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 168955605 | Size: 155974 MB User = LL1 ... OK User = LL2 ... OK


Edited by hatemalware2, 26 December 2015 - 07:19 AM.


#8 Oh My!


Posted 26 December 2015 - 08:13 AM

Greetings,

Whether file sharing is legal or not, my biggest concern is the poison that is included in many peer to peer files. Just be careful.

Generally speaking it is recommended you have about 15% free hard drive space. That can differ depending on the overall size of the drive. The smaller the drive the less that 15% is in GB space. Just do the best you can.

Is it possible to repost the reports so they are formatted correctly and make more sense?
Gary
 

#9 hatemalware2


Posted 26 December 2015 - 10:32 AM

Fix result of Farbar Recovery Scan Tool (x86) Version:23-12-2015
Ran by tony (2015-12-25 19:42:13) Run:1
Running from C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop
Loaded Profiles: tony (Available Profiles: tony & Guest)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-776561741-1343024091-1606980848-1003] => Proxy is enabled.
ProxyServer: [S-1-5-21-776561741-1343024091-1606980848-1003] => http=127.0.0.1:3213;https=127.0.0.1:3213
AutoConfigURL: [S-1-5-21-776561741-1343024091-1606980848-1003] => http=127.0.0.1:3213;https=127.0.0.1:3213
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm
HKU\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "C:\Documents and Settings\All Users.WINDOWS.0\Application Data\ICQ\ICQNewTab\newTab.html" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
FF Plugin HKU\S-1-5-21-776561741-1343024091-1606980848-1003: wondershare.com/FantashowPlugin -> C:\Program Files\Wondershare\Fantashow Plus\npFantashowPlugin.dll [No File]
S3 COMSysApp; C:\WINDOWS.0\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S3 SwPrv; C:\WINDOWS.0\system32\dllhost.exe /Processid:{017276A5-F41B-48CF-BB1E-FAB472D6E32B}
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S4 InCDFs; system32\drivers\InCDFs.sys [X]
S1 InCDPass; system32\drivers\InCDPass.sys [X]
S1 InCDRm; system32\drivers\InCDRm.sys [X]
S4 IntelIde; no ImagePath
S0 keaaycm; System32\drivers\clydnkby.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
U2 TMAgent; no ImagePath
U3 tmeevw; no ImagePath
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
2015-12-21 19:54 - 2015-12-21 19:55 - 00000000 ____D C:\WINDOWS.0\CC1F6DA021D2425AB1B65B164A598450.TMP
C:\Documents and Settings\Tony\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\tony.TONY-B4DA82999C\Local Settings\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-776561741-1343024091-1606980848-1003_Classes\CLSID\{6ebec176-0bb1-52a8-b1ac-058bc2d35420}\InprocServer32 -> C:\Program Files\Wondershare\Fantashow Plus\npFantashowPlugin.dll => No File
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:BF3D62E7
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:2CB9631F
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Temp:BF3D62E7
AlternateDataStreams: C:\Documents and Settings\tony.TONY-B4DA82999C\MediaFire:mf_x
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
 
 
RogueKiller V11.0.4.0 [Dec 20 2015] (Free) by Adlice Software
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : tony [Administrator]
Started from : C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\RogueKiller.exe
Mode : Scan -- Date : 12/26/2015 15:41:14
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 11 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Applian Technologies -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-776561741-1343024091-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:3213;https=127.0.0.1:3213  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{26E173B9-CC9C-42D2-B61F-AEA81FB9D986} | NameServer : 46.143.233.2,217.218.155.155 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA8B353F-3BAE-488A-B9CB-2DE73DDCA328} | NameServer : 217.218.155.155 46.143.233.5 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5FDD96F-CDA9-4093-BE6A-1CFB0964212F} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 ([-][-][-][-][-][-][X][X][X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{26E173B9-CC9C-42D2-B61F-AEA81FB9D986} | NameServer : 46.143.233.2,217.218.155.155 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BA8B353F-3BAE-488A-B9CB-2DE73DDCA328} | NameServer : 217.218.155.155 46.143.233.5 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D5FDD96F-CDA9-4093-BE6A-1CFB0964212F} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 ([-][-][-][-][-][-][X][X][X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{26E173B9-CC9C-42D2-B61F-AEA81FB9D986} | NameServer : 46.143.233.2,217.218.155.155 ([X][X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D5FDD96F-CDA9-4093-BE6A-1CFB0964212F} | NameServer : 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 ([-][-][-][-][-][-][X][X][X][X])  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\VerifiedVPN_NMDInUseCheck.job -- C:\Documents and Settings\tony.TONY-B4DA82999C\Application Data\VerifiedVPN\NMD\uninstall.exe (/U:C:\DOCUME~1\TONY~1.TON\APPLIC~1\VERIFI~1\NMD\UNINST~1\UNINST~1.XML) -> Found
 
¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\Program Files\Applian Technologies -> Found
[PUP][Folder] C:\Program Files\FLV Player -> Found
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS.0\system32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 32 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] ZwAssignProcessToJobObject[19] : Unknown @ 0xffffffff89e5029c
[SSDT:Addr(Hook.SSDT)] ZwCreateKey[41] : Unknown @ 0xffffffff89e334d4
[SSDT:Addr(Hook.SSDT)] ZwCreateMutant[43] : Unknown @ 0xffffffff89e86634
[SSDT:Addr(Hook.SSDT)] ZwCreateProcess[47] : Unknown @ 0xffffffff899f91ac
[SSDT:Addr(Hook.SSDT)] ZwCreateProcessEx[48] : Unknown @ 0xffffffff899e77dc
[SSDT:Addr(Hook.SSDT)] ZwCreateSymbolicLinkObject[52] : Unknown @ 0xffffffff89e4ba3c
[SSDT:Addr(Hook.SSDT)] ZwCreateThread[53] : Unknown @ 0xffffffff89e4a504
[SSDT:Addr(Hook.SSDT)] ZwDebugActiveProcess[57] : Unknown @ 0xffffffff89e4e45c
[SSDT:Addr(Hook.SSDT)] ZwDeleteKey[63] : Unknown @ 0xffffffff89e84564
[SSDT:Addr(Hook.SSDT)] ZwDeleteValueKey[65] : Unknown @ 0xffffffff89e496cc
[SSDT:Addr(Hook.SSDT)] ZwDuplicateObject[68] : Unknown @ 0xffffffff89e87e14
[SSDT:Addr(Hook.SSDT)] ZwGetContextThread[85] : Unknown @ 0xffffffff89e89564
[SSDT:Addr(Hook.SSDT)] ZwLoadDriver[97] : Unknown @ 0xffffffff89e860dc
[SSDT:Addr(Hook.SSDT)] ZwMapViewOfSection[108] : Unknown @ 0xffffffff89e850ec
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[122] : Unknown @ 0xffffffff899ce224
[SSDT:Addr(Hook.SSDT)] ZwOpenSection[125] : Unknown @ 0xffffffff89e499e4
[SSDT:Addr(Hook.SSDT)] ZwOpenThread[128] : Unknown @ 0xffffffff899dc8cc
[SSDT:Addr(Hook.SSDT)] ZwProtectVirtualMemory[137] : Unknown @ 0xffffffff89e8b21c
[SSDT:Addr(Hook.SSDT)] ZwRenameKey[192] : Unknown @ 0xffffffff89e84a44
[SSDT:Addr(Hook.SSDT)] ZwRestoreKey[204] : Unknown @ 0xffffffff89e84db4
[SSDT:Addr(Hook.SSDT)] ZwResumeThread[206] : Unknown @ 0xffffffff89e4e2c4
[SSDT:Addr(Hook.SSDT)] ZwSetContextThread[213] : Unknown @ 0xffffffff89e89b24
[SSDT:Addr(Hook.SSDT)] ZwSetSystemInformation[240] : Unknown @ 0xffffffff89e890d4
[SSDT:Addr(Hook.SSDT)] ZwSetValueKey[247] : Unknown @ 0xffffffff89b03a2c
[SSDT:Addr(Hook.SSDT)] ZwSystemDebugControl[255] : Unknown @ 0xffffffff89e4f00c
[SSDT:Addr(Hook.SSDT)] ZwTerminateProcess[257] : Unknown @ 0xffffffff89c9041c
[SSDT:Addr(Hook.SSDT)] ZwTerminateThread[258] : Unknown @ 0xffffffff899f53d4
[SSDT:Addr(Hook.SSDT)] ZwWriteVirtualMemory[277] : Unknown @ 0xffffffff89e85c74
[ShwSSDT:Addr(Hook.Shadow)] NtUserCreateWindowEx[343] : Unknown @ 0xffffffff88e8c404
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookAW[548] : Unknown @ 0xffffffff88e84ea4
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : Unknown @ 0xffffffff89903f7c
[IRP:Addr(Hook.IRP)] \Driver\kbdclass - IRP_MJ_READ[3] : Unknown @ 0xffffffff89e32b70
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 2c4799f3a87051331eb732f265067b74
[BSP] 6e85e34fa38563b89d55622c2eee8486 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 82497 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 168955605 | Size: 155974 MB
User = LL1 ... OK
User = LL2 ... OK
 


#10 Oh My!


Posted 26 December 2015 - 12:52 PM

Greetings,

Only part of the Fixlog is posted. What is shown is the list to be fixed but there should also be additional information about how the program handled the fix. Please repeat the Fixlist steps in Post #6 and copy/paste the Fixlog in your reply.


Gary
 

#11 hatemalware2


Posted 27 December 2015 - 10:39 AM

Hey Gary, unfortunately the software can't finish its job. When I click on 'Fix' my laptop hangs. I tried twice and saw the same problem.

#12 Oh My!


Posted 27 December 2015 - 11:19 AM

Can you attempt it after booting into safe mode?
Gary
 

#13 hatemalware2


Posted 27 December 2015 - 12:10 PM

I did, it hangs in safe mode too.



#14 Oh My!


Posted 27 December 2015 - 02:00 PM

OK, let's try one more time after first running a special program.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another...) and save it to your desktop:

Link 1
Link 2
Link 3
Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • Attempt to run the FRST fix
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Rkill log
  • Fixlog

Gary
 

#15 hatemalware2


Posted 28 December 2015 - 05:18 AM

FRST still has the same problem.

I ran Rkill and am posting the log:

 

Rkill 2.8.3 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 12/27/2015 11:06:30 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\WINDOWS.0\System32\WLTRYSVC.EXE (PID: 984) [WD-HEUR]
 * C:\WINDOWS.0\System32\bcmwltry.exe (PID: 1024) [WD-HEUR]
 * C:\WINDOWS.0\system32\WLTRAY.exe (PID: 900) [WD-HEUR]
 * C:\WINDOWS.0\system32\hkcmd.exe (PID: 940) [WD-HEUR]
 * C:\WINDOWS.0\system32\igfxpers.exe (PID: 972) [WD-HEUR]
 * C:\WINDOWS.0\system32\igfxsrvc.exe (PID: 1216) [WD-HEUR]
 * C:\WINDOWS.0\stsystra.exe (PID: 1292) [WD-HEUR]
 * C:\WINDOWS.0\System32\alg.exe (PID: 888) [WD-HEUR]
 * C:\Documents and Settings\tony.TONY-B4DA82999C\My Documents\Downloads\Compressed\Adobe Photoshop CS5 Portable [www.Patoghu.com]\Adobe Photoshop CS5 Portable [www.Patoghu.com]\Photoshop.exe (PID: 5396) [UP-HEUR]
 
9 proccesses terminated!
 
Possibly Patched Files.
 
 * C:\WINDOWS.0\system32\services.exe
 * C:\WINDOWS.0\system32\lsass.exe
 * C:\WINDOWS.0\system32\svchost.exe
 * C:\WINDOWS.0\system32\svchost.exe
 * C:\WINDOWS.0\System32\svchost.exe
 * C:\WINDOWS.0\system32\svchost.exe
 * C:\WINDOWS.0\system32\svchost.exe
 * C:\WINDOWS.0\system32\svchost.exe
 * C:\WINDOWS.0\system32\ctfmon.exe
 * C:\WINDOWS.0\system32\wbem\wmiprvse.exe
 * C:\WINDOWS.0\system32\svchost.exe
 * C:\WINDOWS.0\system32\svchost.exe
 * C:\WINDOWS.0\System32\svchost.exe
 * C:\WINDOWS.0\system32\wscntfy.exe
 * C:\WINDOWS.0\system32\wbem\wmiprvse.exe
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Documents and Settings\tony.TONY-B4DA82999C\Desktop\rkill\rkill-12-27-2015-11-06-48.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Reparse Point/Junctions Found (Most likely legitimate)!
 
     * C:\WINDOWS.0\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS.0\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 
 * C:\WINDOWS.0\System32\shsvcs.dll : 135,168 : 10/10/2012 09:15 PM : 888cd7b39c37e13a2419becfaaf0a28c [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\shsvcs.dll : 135,168 : 10/10/2012 09:15 PM : 888cd7b39c37e13a2419becfaaf0a28c [Pos Repl]
 
 * C:\WINDOWS.0\System32\smss.exe : 50,688 : 04/14/2008 02:30 PM : 5f816c1f539266d2d4c78694239da0b5 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\smss.exe : 50,688 : 04/14/2008 02:30 PM : 5f816c1f539266d2d4c78694239da0b5 [Pos Repl]
 
 * C:\WINDOWS.0\System32\srsvc.dll : 171,008 : 04/14/2008 02:30 PM : 3805df0ac4296a34ba4bf93b346cc378 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\srsvc.dll : 171,008 : 04/14/2008 02:30 PM : 3805df0ac4296a34ba4bf93b346cc378 [Pos Repl]
 
 * C:\WINDOWS.0\System32\ssdpsrv.dll : 71,680 : 04/14/2008 02:30 PM : 0a5679b3714edab99e357057ee88fca6 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ssdpsrv.dll : 71,680 : 04/14/2008 02:30 PM : 0a5679b3714edab99e357057ee88fca6 [Pos Repl]
 
 * C:\WINDOWS.0\System32\svchost.exe : 14,336 : 04/14/2008 02:30 PM : 27c6d03bcdb8cfeb96b716f3d8be3e18 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\svchost.exe : 14,336 : 04/14/2008 02:30 PM : 27c6d03bcdb8cfeb96b716f3d8be3e18 [Pos Repl]
 
 * C:\WINDOWS.0\System32\tapisrv.dll : 249,856 : 10/10/2012 09:15 PM : e2b32b10acc5d97623275aafb67e5f03 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\tapisrv.dll : 249,856 : 10/10/2012 09:15 PM : e2b32b10acc5d97623275aafb67e5f03 [Pos Repl]
 
 * C:\WINDOWS.0\System32\termsrv.dll : 296,960 : 10/10/2012 09:15 PM : 5128852a18ae46c387f87bf27da4c9dd [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\termsrv.dll : 296,960 : 10/10/2012 09:15 PM : 5128852a18ae46c387f87bf27da4c9dd [Pos Repl]
 
 * C:\WINDOWS.0\System32\upnphost.dll : 185,856 : 04/14/2008 02:30 PM : 1ebafeb9a3fbdc41b8d9c7f0f687ad91 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\upnphost.dll : 185,856 : 04/14/2008 02:30 PM : 1ebafeb9a3fbdc41b8d9c7f0f687ad91 [Pos Repl]
 
 * C:\WINDOWS.0\System32\user32.dll : 578,560 : 04/14/2008 02:30 PM : b26b135ff1b9f60c9388b4a7d16f600b [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\user32.dll : 578,560 : 04/14/2008 02:30 PM : b26b135ff1b9f60c9388b4a7d16f600b [Pos Repl]
 
 * C:\WINDOWS.0\System32\userinit.exe : 26,112 : 04/14/2008 02:30 PM : a93aee1928a9d7ce3e16d24ec7380f89 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\userinit.exe : 26,112 : 04/14/2008 02:30 PM : a93aee1928a9d7ce3e16d24ec7380f89 [Pos Repl]
 
 * C:\WINDOWS.0\System32\UxTheme.dll : 218,624 : 04/14/2008 02:30 PM : 7a2cc3719b255e6b5d74396183b7715b [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\uxtheme.dll : 218,624 : 04/14/2008 02:30 PM : 7a2cc3719b255e6b5d74396183b7715b [Pos Repl]
 
 * C:\WINDOWS.0\System32\version.dll : 18,944 : 04/14/2008 02:30 PM : c7ce131408739b0b3a318be2d0032719 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\version.dll : 18,944 : 04/14/2008 02:30 PM : c7ce131408739b0b3a318be2d0032719 [Pos Repl]
 
 * C:\WINDOWS.0\System32\w32time.dll : 175,616 : 10/10/2012 09:15 PM : 9f8a0d0cbb2fa265a754516128c00e22 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\w32time.dll : 175,616 : 10/10/2012 09:15 PM : 9f8a0d0cbb2fa265a754516128c00e22 [Pos Repl]
 
 * C:\WINDOWS.0\System32\wbem\wmiprvse.exe : 227,840 : 10/10/2012 09:15 PM : f520ab392d58c0a1070268032d809382 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\wmiprvse.exe : 227,840 : 10/10/2012 09:15 PM : f520ab392d58c0a1070268032d809382 [Pos Repl]
 
 * C:\WINDOWS.0\System32\wdigest.dll : 54,272 : 10/10/2012 09:15 PM : bae413e34804ddd5c763b3bec1005fcb [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\wdigest.dll : 54,272 : 10/10/2012 09:15 PM : bae413e34804ddd5c763b3bec1005fcb [Pos Repl]
 
 * C:\WINDOWS.0\System32\wiaservc.dll : 333,824 : 04/14/2008 02:30 PM : 8bad69cbac032d4bbacfce0306174c30 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\wiaservc.dll : 333,824 : 04/14/2008 02:30 PM : 8bad69cbac032d4bbacfce0306174c30 [Pos Repl]
 
 * C:\WINDOWS.0\System32\wininet.dll : 920,064 : 03/06/2014 09:29 PM : 8af91e4b4c1f5338ebe1548117304296 [NoSig]
 +-> C:\WINDOWS.0\ie8updates\KB2936068-IE8\wininet.dll : 920,064 : 10/10/2012 09:16 PM : dcea3b3193b7181cf818ecc4eab30a66 [Pos Repl]
 +-> C:\WINDOWS.0\system32\dllcache\wininet.dll : 920,064 : 03/06/2014 09:29 PM : 8af91e4b4c1f5338ebe1548117304296 [Pos Repl]
 
 * C:\WINDOWS.0\System32\winlogon.exe : 509,440 : 10/10/2012 09:15 PM : 53a8857723277b1d6d5ee60a9f85b117 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\winlogon.exe : 509,440 : 10/10/2012 09:15 PM : 53a8857723277b1d6d5ee60a9f85b117 [Pos Repl]
 
 * C:\WINDOWS.0\System32\ws2_32.dll : 82,432 : 04/14/2008 02:30 PM : 2ccc474eb85ceaa3e1fa1726580a3e5a [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ws2_32.dll : 82,432 : 04/14/2008 02:30 PM : 2ccc474eb85ceaa3e1fa1726580a3e5a [Pos Repl]
 
 * C:\WINDOWS.0\System32\ws2help.dll : 19,968 : 04/14/2008 02:30 PM : 9789e95e1d88eeb4b922bf3ea7779c28 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ws2help.dll : 19,968 : 04/14/2008 02:30 PM : 9789e95e1d88eeb4b922bf3ea7779c28 [Pos Repl]
 
 * C:\WINDOWS.0\System32\wscntfy.exe : 13,824 : 04/14/2008 02:30 PM : f92e1076c42fcd6db3d72d8cfe9816d5 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\wscntfy.exe : 13,824 : 04/14/2008 02:30 PM : f92e1076c42fcd6db3d72d8cfe9816d5 [Pos Repl]
 
 * C:\WINDOWS.0\System32\xmlprov.dll : 129,024 : 04/14/2008 02:30 PM : 295d21f14c335b53cb8154e5b1f892b9 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\xmlprov.dll : 129,024 : 04/14/2008 02:30 PM : 295d21f14c335b53cb8154e5b1f892b9 [Pos Repl]
 
 * C:\WINDOWS.0\explorer.exe : 1,033,728 : 10/10/2012 09:13 PM : 2bb75b7f548d82a099125d0c5971de7d [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\explorer.exe : 1,033,728 : 10/10/2012 09:13 PM : 2bb75b7f548d82a099125d0c5971de7d [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\acpiec.sys : 11,648 : 04/14/2008 02:30 PM : 9859c0f6936e723e4892d7141b1327d5 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\acpi.sys : 187,776 : 04/14/2008 02:30 PM : 8fd99680a539792a30e97944fdaecf17 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\aec.sys : 142,592 : 04/14/2008 06:39 AM : 8bed39e3c35d6a489438b8141717a557 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\aec.sys : 142,592 : 04/14/2008 06:39 AM : 8bed39e3c35d6a489438b8141717a557 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\amdk6.sys : 37,376 : 10/10/2012 09:21 PM : d7701d7e72243286cc88c9973d891057 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\amdk7.sys : 37,760 : 10/10/2012 09:21 PM : 8fce268cdbdd83b23419d1f35f42c7b1 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\arp1394.sys : 60,800 : 10/10/2012 09:21 PM : b5b8a80875c1dededa8b02765642c32f [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\asyncmac.sys : 14,336 : 04/14/2008 02:30 PM : b153affac761e7f5fcfa822b9c4e97bc [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\asyncmac.sys : 14,336 : 04/14/2008 02:30 PM : b153affac761e7f5fcfa822b9c4e97bc [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\atapi.sys : 96,512 : 04/14/2008 08:40 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\atapi.sys : 96,512 : 04/14/2008 08:40 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
 +-> C:\WINDOWS.0\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys : 96,512 : 04/14/2008 01:40 AM : 9f3a2f5aa6875c72bf062c712cfa2674 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\audstub.sys : 3,072 : 08/17/2001 03:29 PM : d9f724aa26c010a217c97606b160ed68 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\battc.sys : 14,208 : 04/14/2008 01:36 AM : 0d93976f7801b7fcd8135cc77257bbd0 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\beep.sys : 4,224 : 04/14/2008 02:30 PM : da1f27d85e0d1525f6621372e7b685e9 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\beep.sys : 4,224 : 04/14/2008 02:30 PM : da1f27d85e0d1525f6621372e7b685e9 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\bridge.sys : 71,552 : 04/14/2008 02:30 PM : f934d1b230f84e1d19dd00ac5a7a83ed [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\bridge.sys : 71,552 : 04/14/2008 02:30 PM : f934d1b230f84e1d19dd00ac5a7a83ed [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\bthport.sys : 272,128 : 10/10/2012 09:13 PM : 51d05d5a8a7d93ab0b1a8d6a38db3ca4 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\cbidf2k.sys : 13,952 : 04/14/2008 02:30 PM : 90a673fc8e12a79afbed2576f6a7aaf9 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\cdaudio.sys : 18,688 : 10/10/2012 09:20 PM : c1b486a7658353d33a10cc15211a873b [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\cdfs.sys : 63,744 : 04/14/2008 02:30 PM : c885b02847f5d2fd45a24e219ed93b32 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\cdfs.sys : 63,744 : 04/14/2008 02:30 PM : c885b02847f5d2fd45a24e219ed93b32 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\cdrom.sys : 62,976 : 10/10/2012 09:13 PM : 4b0a100eaf5c49ef3cca8c641431eacc [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\cdrom.sys : 62,592 : 04/25/2007 05:20 AM : 7b53584d94e9d8716b2de91d5f1cb42d [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\classpnp.sys : 49,536 : 04/14/2008 02:30 PM : fe47dd8fe6d7768ff94ebec6c74b2719 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\classpnp.sys : 49,536 : 04/14/2008 02:30 PM : fe47dd8fe6d7768ff94ebec6c74b2719 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\CmBatt.sys : 13,952 : 04/14/2008 01:36 AM : 0f6c187d38d98f8df904589a5f94d411 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\compbatt.sys : 10,240 : 04/14/2008 01:36 AM : 6e4c9f21f0fae8940661144f41b13203 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\cpqdap01.sys : 11,776 : 10/10/2012 09:20 PM : 9624293e55ad405415862b504ca95b73 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\crusoe.sys : 36,736 : 10/10/2012 09:21 PM : f50d9bdbb25cce075e514dc07472a22f [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\diskdump.sys : 14,208 : 04/14/2008 02:30 PM : e65e2353a5d74ea89971cb918eeeb2f6 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\diskdump.sys : 14,208 : 04/14/2008 02:30 PM : e65e2353a5d74ea89971cb918eeeb2f6 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\disk.sys : 36,352 : 10/10/2012 09:13 PM : 47b6aaec570f2c11d8bad80a064d8ed1 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\dmboot.sys : 799,744 : 04/14/2008 02:30 PM : d992fe1274bde0f84ad826acae022a41 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\dmboot.sys : 799,744 : 04/14/2008 02:30 PM : d992fe1274bde0f84ad826acae022a41 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\dmio.sys : 153,344 : 04/14/2008 02:30 PM : 7c824cf7bbde77d95c08005717a95f6f [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\dmio.sys : 153,344 : 04/14/2008 02:30 PM : 7c824cf7bbde77d95c08005717a95f6f [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\dmload.sys : 5,888 : 04/14/2008 02:30 PM : e9317282a63ca4d188c0df5e09c6ac5f [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\dmload.sys : 5,888 : 04/14/2008 02:30 PM : e9317282a63ca4d188c0df5e09c6ac5f [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\DMusic.sys : 52,864 : 04/14/2008 08:45 AM : 8a208dfcf89792a484e76c40e5f50b45 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\dmusic.sys : 52,864 : 04/14/2008 08:45 AM : 8a208dfcf89792a484e76c40e5f50b45 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\drmkaud.sys : 2,944 : 04/14/2008 08:45 AM : 8f5fcff8e8848afac920905fbd9d33c8 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\drmkaud.sys : 2,944 : 04/14/2008 08:45 AM : 8f5fcff8e8848afac920905fbd9d33c8 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\drmk.sys : 60,160 : 04/13/2008 10:15 PM : 6cb08593487f5701d2d2254e693eafce [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\drmk.sys : 60,160 : 04/13/2008 10:15 PM : 6cb08593487f5701d2d2254e693eafce [Pos Repl]
 +-> C:\WINDOWS.0\system32\ReinstallBackups\0013\DriverFiles\i386\drmk.sys : 60,160 : 04/13/2008 09:15 PM : 6cb08593487f5701d2d2254e693eafce [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\dxapi.sys : 10,496 : 04/14/2008 02:30 PM : fe97d0343acfdebdd578fc67cc91fa87 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\dxapi.sys : 10,496 : 04/14/2008 02:30 PM : fe97d0343acfdebdd578fc67cc91fa87 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\dxg.sys : 71,168 : 04/14/2008 02:30 PM : ac7280566a7bb85cb3291f04ddc1198e [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\dxgthk.sys : 3,328 : 04/14/2008 02:30 PM : a73f5d6705b1d820c19b18782e176efd [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\dxgthk.sys : 3,328 : 04/14/2008 02:30 PM : a73f5d6705b1d820c19b18782e176efd [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\fastfat.sys : 143,744 : 04/14/2008 02:30 PM : 38d332a6d56af32635675f132548343e [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\fastfat.sys : 143,744 : 04/14/2008 02:30 PM : 38d332a6d56af32635675f132548343e [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\fdc.sys : 27,392 : 04/14/2008 02:30 PM : 92cdd60b6730b9f50f6a1a0c1f8cdc81 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\fips.sys : 44,544 : 04/14/2008 02:30 PM : d45926117eb9fa946a6af572fbe1caa3 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\fips.sys : 44,544 : 04/14/2008 02:30 PM : d45926117eb9fa946a6af572fbe1caa3 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\flpydisk.sys : 20,480 : 04/14/2008 02:30 PM : 9d27e7b80bfcdf1cdd9b555862d5e7f0 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\fltMgr.sys : 129,792 : 04/14/2008 02:30 PM : b2cf4b0786f8212cb92ed2b50c6db6b0 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\fltmgr.sys : 129,792 : 04/14/2008 02:30 PM : b2cf4b0786f8212cb92ed2b50c6db6b0 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\fs_rec.sys : 9,216 : 10/10/2012 09:13 PM : 30d42943a54704ef13e2562911dbfcea [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\fs_rec.sys : 9,216 : 10/10/2012 09:13 PM : 30d42943a54704ef13e2562911dbfcea [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\fsvga.sys : 12,160 : 10/10/2012 09:20 PM : 455f778ee14368468560bd7cb8c854d0 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\ftdisk.sys : 125,056 : 04/14/2008 02:30 PM : 6ac26732762483366c3969c9e4d2259d [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\hidclass.sys : 36,864 : 04/14/2008 02:30 PM : 1af592532532a402ed7c060f6954004f [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\hidusb.sys : 10,368 : 04/14/2008 02:30 PM : ccf82c5ec8a7326c3066de870c06daf1 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\http.sys : 265,728 : 10/10/2012 09:13 PM : 937031c085718c1c04a9c0864625ec6b [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\i8042prt.sys : 52,480 : 04/14/2008 02:30 PM : 4a0b06aa8943c1e332520f7440c0aa30 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\imapi.sys : 42,112 : 04/14/2008 02:30 PM : 083a052659f5310dd8b6a6cb05edcf8e [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\intelppm.sys : 36,352 : 04/14/2008 02:30 PM : 8c953733d8f36eb2133f5bb58808b66b [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\ip6fw.sys : 36,608 : 04/14/2008 02:30 PM : 3bb22519a194418d5fec05d800a19ad0 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ip6fw.sys : 36,608 : 04/14/2008 02:30 PM : 3bb22519a194418d5fec05d800a19ad0 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\ipfltdrv.sys : 32,896 : 04/14/2008 02:30 PM : 731f22ba402ee4b62748adaf6363c182 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ipfltdrv.sys : 32,896 : 04/14/2008 02:30 PM : 731f22ba402ee4b62748adaf6363c182 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\ipinip.sys : 20,864 : 04/14/2008 02:30 PM : b87ab476dcf76e72010632b5550955f5 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ipinip.sys : 20,864 : 04/14/2008 02:30 PM : b87ab476dcf76e72010632b5550955f5 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\ipnat.sys : 152,832 : 04/14/2008 02:30 PM : cc748ea12c6effde940ee98098bf96bb [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ipnat.sys : 152,832 : 04/14/2008 02:30 PM : cc748ea12c6effde940ee98098bf96bb [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\ipsec.sys : 75,264 : 04/14/2008 02:30 PM : 23c74d75e36e7158768dd63d92789a91 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ipsec.sys : 75,264 : 04/14/2008 02:30 PM : 23c74d75e36e7158768dd63d92789a91 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\irenum.sys : 11,264 : 04/14/2008 02:30 PM : c93c9ff7b04d772627a3646d89f7bf89 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\irenum.sys : 11,264 : 04/14/2008 02:30 PM : c93c9ff7b04d772627a3646d89f7bf89 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\isapnp.sys : 37,248 : 04/14/2008 08:36 AM : 05a299ec56e52649b1cf2fc52d20f2d7 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\isapnp.sys : 37,248 : 04/14/2008 08:36 AM : 05a299ec56e52649b1cf2fc52d20f2d7 [Pos Repl]
 +-> C:\WINDOWS.0\system32\ReinstallBackups\0001\DriverFiles\i386\isapnp.sys : 37,248 : 04/14/2008 02:30 PM : 05a299ec56e52649b1cf2fc52d20f2d7 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\kbdclass.sys : 24,576 : 04/14/2008 02:30 PM : 463c1ec80cd17420a542b7f36a36f128 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\kmixer.sys : 172,416 : 04/14/2008 08:45 AM : 692bcf44383d056aed41b045a323d378 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\kmixer.sys : 172,416 : 04/14/2008 08:45 AM : 692bcf44383d056aed41b045a323d378 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\ksecdd.sys : 92,928 : 06/24/2009 12:58 AM : c6ebf1d6ad71df30db49b8d3287e1368 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ksecdd.sys : 92,928 : 06/24/2009 12:58 AM : c6ebf1d6ad71df30db49b8d3287e1368 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\ks.sys : 141,056 : 04/13/2008 10:46 PM : 0753515f78df7f271a5e61c20bcd36a1 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ks.sys : 141,056 : 04/13/2008 10:46 PM : 0753515f78df7f271a5e61c20bcd36a1 [Pos Repl]
 +-> C:\WINDOWS.0\system32\ReinstallBackups\0013\DriverFiles\i386\ks.sys : 141,056 : 04/13/2008 09:46 PM : 0753515f78df7f271a5e61c20bcd36a1 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\mcd.sys : 7,680 : 04/14/2008 02:30 PM : d1f8be91ed4ddb671d42e473e3fe71ab [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\mcd.sys : 7,680 : 04/14/2008 02:30 PM : d1f8be91ed4ddb671d42e473e3fe71ab [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\mf.sys : 63,744 : 10/10/2012 09:21 PM : a7da20ab18a1bdae28b0f349e57da0d1 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\mnmdd.sys : 4,224 : 04/14/2008 02:30 PM : 4ae068242760a1fb6e1a44bf4e16afa6 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\mnmdd.sys : 4,224 : 04/14/2008 02:30 PM : 4ae068242760a1fb6e1a44bf4e16afa6 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\modem.sys : 30,080 : 10/10/2012 09:21 PM : dfcbad3cec1c5f964962ae10e0bcc8e1 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\mouclass.sys : 23,040 : 10/10/2012 09:21 PM : 35c9e97194c8cfb8430125f8dbc34d04 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\mouhid.sys : 12,160 : 10/10/2012 09:20 PM : b1c303e17fb9d46e87a98e4ba6769685 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\mountmgr.sys : 42,752 : 10/10/2012 09:13 PM : 1a1faa5102466f418494e94ff9b0b091 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\mountmgr.sys : 42,752 : 10/10/2012 09:13 PM : 1a1faa5102466f418494e94ff9b0b091 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\mqac.sys : 92,544 : 04/14/2008 02:30 PM : 70c14f5cca5cf73f8a645c73a01d8726 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\mqac.sys : 92,544 : 04/14/2008 02:30 PM : 70c14f5cca5cf73f8a645c73a01d8726 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\msfs.sys : 19,072 : 04/14/2008 02:30 PM : c941ea2454ba8350021d774daf0f1027 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\msfs.sys : 19,072 : 04/14/2008 02:30 PM : c941ea2454ba8350021d774daf0f1027 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\msgpc.sys : 35,072 : 04/14/2008 02:30 PM : 0a02c63c8b144bd8c86b103dee7c86a2 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\msgpc.sys : 35,072 : 04/14/2008 02:30 PM : 0a02c63c8b144bd8c86b103dee7c86a2 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\MSKSSRV.sys : 7,552 : 04/14/2008 08:39 AM : d1575e71568f4d9e14ca56b7b0453bf1 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\mskssrv.sys : 7,552 : 04/14/2008 08:39 AM : d1575e71568f4d9e14ca56b7b0453bf1 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\MSPCLOCK.sys : 5,376 : 04/14/2008 08:39 AM : 325bb26842fc7ccc1fcce2c457317f3e [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\mspclock.sys : 5,376 : 04/14/2008 08:39 AM : 325bb26842fc7ccc1fcce2c457317f3e [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\MSPQM.sys : 4,992 : 04/14/2008 08:39 AM : bad59648ba099da4a17680b39730cb3d [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\mspqm.sys : 4,992 : 04/14/2008 08:39 AM : bad59648ba099da4a17680b39730cb3d [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\mssmbios.sys : 15,488 : 10/10/2012 09:21 PM : af5f4f3f14a8ea2c26de30f7a1e17136 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\ndis.sys : 182,656 : 04/14/2008 02:30 PM : 1df7f42665c94b825322fae71721130d [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ndis.sys : 182,656 : 04/14/2008 02:30 PM : 1df7f42665c94b825322fae71721130d [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\ndisuio.sys : 14,592 : 10/10/2012 09:21 PM : f927a4434c5028758a842943ef1a3849 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\ndiswan.sys : 91,520 : 04/14/2008 02:30 PM : edc1531a49c80614b2cfda43ca8659ab [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ndiswan.sys : 91,520 : 04/14/2008 02:30 PM : edc1531a49c80614b2cfda43ca8659ab [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\ndproxy.sys : 40,960 : 11/27/2013 11:51 PM : 2f597bb467e05b1fe3830eabd821b8e0 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ndproxy.sys : 40,960 : 11/27/2013 11:51 PM : 2f597bb467e05b1fe3830eabd821b8e0 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\netbios.sys : 34,688 : 04/14/2008 02:30 PM : 5d81cf9a2f1a3a756b66cf684911cdf0 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\netbios.sys : 34,688 : 04/14/2008 02:30 PM : 5d81cf9a2f1a3a756b66cf684911cdf0 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\netbt.sys : 162,816 : 04/14/2008 02:30 PM : 74b2b2f5bea5e9a3dc021d685551bd3d [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\netbt.sys : 162,816 : 04/14/2008 02:30 PM : 74b2b2f5bea5e9a3dc021d685551bd3d [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\nic1394.sys : 61,824 : 10/10/2012 09:21 PM : e9e47cfb2d461fa0fc75b7a74c6383ea [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\nikedrv.sys : 12,032 : 10/10/2012 09:20 PM : be984d604d91c217355cdd3737aad25d [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\nmnt.sys : 40,320 : 04/14/2008 02:30 PM : 1e421a6bcf2203cc61b821ada9de878b [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\nmnt.sys : 40,320 : 04/14/2008 02:30 PM : 1e421a6bcf2203cc61b821ada9de878b [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\npfs.sys : 30,848 : 04/14/2008 02:30 PM : 3182d64ae053d6fb034f44b6def8034a [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\npfs.sys : 30,848 : 04/14/2008 02:30 PM : 3182d64ae053d6fb034f44b6def8034a [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\ntfs.sys : 576,384 : 11/18/2008 05:32 PM : 4c51d5275ae8a16999edfe7e647d00de [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ntfs.sys : 576,384 : 11/18/2008 05:32 PM : 4c51d5275ae8a16999edfe7e647d00de [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\null.sys : 2,944 : 04/14/2008 02:30 PM : 73c1e1f395918bc2c6dd67af7591a3ad [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\null.sys : 2,944 : 04/14/2008 02:30 PM : 73c1e1f395918bc2c6dd67af7591a3ad [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\nwlnkflt.sys : 12,416 : 04/14/2008 02:30 PM : b305f3fad35083837ef46a0bbce2fc57 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\nwlnkflt.sys : 12,416 : 04/14/2008 02:30 PM : b305f3fad35083837ef46a0bbce2fc57 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\nwlnkfwd.sys : 32,512 : 04/14/2008 02:30 PM : c99b3415198d1aab7227f2c88fd664b9 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\nwlnkfwd.sys : 32,512 : 04/14/2008 02:30 PM : c99b3415198d1aab7227f2c88fd664b9 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\nwlnkipx.sys : 88,320 : 04/14/2008 02:30 PM : 8b8b1be2dba4025da6786c645f77f123 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\nwlnkipx.sys : 88,320 : 04/14/2008 02:30 PM : 8b8b1be2dba4025da6786c645f77f123 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\nwlnknb.sys : 63,232 : 04/14/2008 02:30 PM : 56d34a67c05e94e16377c60609741ff8 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\nwlnknb.sys : 63,232 : 04/14/2008 02:30 PM : 56d34a67c05e94e16377c60609741ff8 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\nwlnkspx.sys : 55,936 : 04/14/2008 02:30 PM : c0bb7d1615e1acbdc99757f6ceaf8cf0 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\nwlnkspx.sys : 55,936 : 04/14/2008 02:30 PM : c0bb7d1615e1acbdc99757f6ceaf8cf0 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\nwrdr.sys : 163,584 : 04/14/2008 02:30 PM : 36b9b950e3d2e100970a48d8bad86740 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\nwrdr.sys : 163,584 : 04/14/2008 02:30 PM : 36b9b950e3d2e100970a48d8bad86740 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\oprghdlr.sys : 3,456 : 04/14/2008 02:30 PM : 4bb30ddc53ebc76895e38694580cdfe9 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\p3.sys : 42,752 : 10/10/2012 09:21 PM : c90018bafdc7098619a4a95b046b30f3 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\parport.sys : 80,128 : 10/10/2012 09:21 PM : 5575faf8f97ce5e713d108c2a58d7c7c [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\partmgr.sys : 19,712 : 04/14/2008 02:30 PM : beb3ba25197665d82ec7065b724171c6 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\partmgr.sys : 19,712 : 04/14/2008 02:30 PM : beb3ba25197665d82ec7065b724171c6 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\parvdm.sys : 6,784 : 04/14/2008 02:30 PM : 70e98b3fd8e963a6a46a2e6247e0bea1 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\parvdm.sys : 6,784 : 04/14/2008 02:30 PM : 70e98b3fd8e963a6a46a2e6247e0bea1 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\pciidex.sys : 24,960 : 04/14/2008 08:40 AM : 52e60f29221d0d1ac16737e8dbf7c3e9 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\pciidex.sys : 24,960 : 04/14/2008 08:40 AM : 52e60f29221d0d1ac16737e8dbf7c3e9 [Pos Repl]
 +-> C:\WINDOWS.0\system32\ReinstallBackups\0004\DriverFiles\i386\pciidex.sys : 24,960 : 04/14/2008 01:40 AM : 52e60f29221d0d1ac16737e8dbf7c3e9 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\pci.sys : 68,224 : 04/14/2008 08:36 AM : a219903ccf74233761d92bef471a07b1 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\pci.sys : 68,224 : 04/14/2008 08:36 AM : a219903ccf74233761d92bef471a07b1 [Pos Repl]
 +-> C:\WINDOWS.0\system32\ReinstallBackups\0002\DriverFiles\i386\pci.sys : 68,224 : 04/14/2008 02:30 PM : a219903ccf74233761d92bef471a07b1 [Pos Repl]
 +-> C:\WINDOWS.0\system32\ReinstallBackups\0003\DriverFiles\i386\pci.sys : 68,224 : 04/14/2008 08:36 AM : a219903ccf74233761d92bef471a07b1 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\pcmcia.sys : 120,192 : 04/14/2008 02:30 PM : 9e89ef60e9ee05e3f2eef2da7397f1c1 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\portcls.sys : 146,048 : 03/21/2008 11:35 AM : aef54bf915bf5c2ed1b856ef94e89721 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\portcls.sys : 146,048 : 03/21/2008 11:35 AM : aef54bf915bf5c2ed1b856ef94e89721 [Pos Repl]
 +-> C:\WINDOWS.0\system32\ReinstallBackups\0013\DriverFiles\i386\portcls.sys : 146,048 : 03/21/2008 10:35 AM : aef54bf915bf5c2ed1b856ef94e89721 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\processr.sys : 35,840 : 10/10/2012 09:21 PM : a32bebaf723557681bfc6bd93e98bd26 [NoSig]
 
 * C:\WINDOWS.0\System32\drivers\psched.sys : 70,272 : 10/10/2012 09:14 PM : d8e11d311785f89f1d70a28b0e879127 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\psched.sys : 70,272 : 10/10/2012 09:14 PM : d8e11d311785f89f1d70a28b0e879127 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\ptilink.sys : 17,792 : 04/14/2008 02:30 PM : 80d317bd1c3dbc5d4fe7b1678c60cadd [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\ptilink.sys : 17,792 : 04/14/2008 02:30 PM : 80d317bd1c3dbc5d4fe7b1678c60cadd [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\rasacd.sys : 8,832 : 04/14/2008 02:30 PM : fe0d99d6f31e4fad8159f690d68ded9c [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\rasacd.sys : 8,832 : 04/14/2008 02:30 PM : fe0d99d6f31e4fad8159f690d68ded9c [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\rasl2tp.sys : 51,328 : 04/14/2008 02:30 PM : 11b4a627bc9614b885c4969bfa5ff8a6 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\rasl2tp.sys : 51,328 : 04/14/2008 02:30 PM : 11b4a627bc9614b885c4969bfa5ff8a6 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\raspppoe.sys : 41,472 : 04/14/2008 02:30 PM : 5bc962f2654137c9909c3d4603587dee [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\raspppoe.sys : 41,472 : 04/14/2008 02:30 PM : 5bc962f2654137c9909c3d4603587dee [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\raspptp.sys : 48,384 : 04/14/2008 02:30 PM : efeec01b1d3cf84f16ddd24d9d9d8f99 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\raspptp.sys : 48,384 : 04/14/2008 02:30 PM : efeec01b1d3cf84f16ddd24d9d9d8f99 [Pos Repl]
 
 * C:\WINDOWS.0\System32\drivers\raspti.sys : 16,512 : 04/14/2008 02:30 PM : fdbb1d60066fcfbb7452fd8f9829b242 [NoSig]
 +-> C:\WINDOWS.0\system32\dllcache\raspti.sys : 16,512 : 04/14/2008 02:30 PM : fdbb1d60066fcfbb7452fd8f9829b242 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 12/27/2015 11:07:56 PM
Execution time: 0 hours(s), 1 minute(s), and 25 seconds(s)




