
Windows Server 2008 infected with malware - crypto miner


  • This topic is locked
17 replies to this topic

#1 virtuoso


Posted 18 January 2016 - 01:50 AM

Hi All,

 

I have an issue with a Windows Server 2008 64 bit that was infected with a crypto miner.

I ran Malwarebytes, Kaspersky, AVG to scan the server and some files were removed.

Now I have an issue where, at startup, it seems the virus is trying to re-install itself.

I noticed the following :

 

At startup, the Windows host file is replaced with one which blocks access to popular antivirus websites. Deleting the host file does not help since at next restart the host file will be replaced again.

At startup, IFEO entries are being added to the registry to block execution of antivirus.

The virus creates a file at C:Windows\Rdpinst

The virus creates a file at C:\Windows\Temp:1

Windows Update has been disabled and cannot update the OS

 

Deleting the registry entries and files does not help because they are being recreated at startup. I tried to find the origin service or program of the files and registry hijack but was unsuccessful. Please, I would be grateful if anyone can help.

 

Thanks

 

FRST Log below : 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by administrator (administrator) on MEA-HV1 (18-01-2016 09:25:25)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: administrator & MsDtsServer110 & ReportServer (Available Profiles: wing & polly & updater & ta.operator & administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER & Classic .NET AppPool)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avp.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe
(Hewlett-Packard Company) C:\Program Files\HP\Cissesrv\cissesrv.exe
(Hewlett-Packard Company) C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
(Microsoft Corporation) C:\Windows\System32\dns.exe
(Hewlett-Packard Company) C:\Program Files\HPWBEM\Storage\Service\hpwmistor.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(Malwarebytes) C:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\smhstart.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgserv\cqmgserv.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Malwarebytes) C:\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Company) C:\Program Files\HP\NCU\cpqteam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avpui.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Embarcadero Technologies, Inc.) D:\RFID\2.Program\Middleware\scktsrvr.exe
() D:\RFID\2.Program\Middleware\Middle.exe
(Microsoft Corporation) C:\Windows\System32\iashost.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Bitplus Solution Ltd) C:\Bitplus\CommMaster\WinService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Farbar) C:\Users\Administrator\Desktop\FRST649.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CPQTEAM] => C:\Program Files\HP\NCU\cpqteam.exe [73728 2011-02-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3855272 2015-11-20] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-2966851551-1307263621-31438361-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-2966851551-1307263621-31438361-500\...\Policies\Explorer: [HideSCAHealth] 1
IFEO\Adaware_Installer.exe: [Debugger] msiexec.exe
IFEO\autoruns.exe: [Debugger] msiexec.exe
IFEO\autorunsc.exe: [Debugger] msiexec.exe
IFEO\avast_free_antivirus_setup_online.exe: [Debugger] msiexec.exe
IFEO\avast_internet_security_setup.exe: [Debugger] msiexec.exe
IFEO\avast_internet_security_setup_online.exe: [Debugger] msiexec.exe
IFEO\avast_premier_antivirus_setup_online.exe: [Debugger] msiexec.exe
IFEO\AvetixSetup.exe: [Debugger] msiexec.exe
IFEO\avira_family_protection_suite_ru.exe: [Debugger] msiexec.exe
IFEO\avira_ultimate_protection_suite_ru.exe: [Debugger] msiexec.exe
IFEO\BavPro_Setup_Mini_GL.exe: [Debugger] msiexec.exe
IFEO\bitdefender_tsecurity.exe: [Debugger] msiexec.exe
IFEO\BullGuardDownloaderBPP.exe: [Debugger] msiexec.exe
IFEO\cispremium_installer.exe: [Debugger] msiexec.exe
IFEO\ClamAVSetup.exe: [Debugger] msiexec.exe
IFEO\cureit.exe: [Debugger] msiexec.exe
IFEO\drweb-900-win-space.exe: [Debugger] msiexec.exe
IFEO\drweb-900-win.exe: [Debugger] msiexec.exe
IFEO\EmsisoftEmergencyKit.exe: [Debugger] msiexec.exe
IFEO\EmsisoftInternetSecuritySetup.exe: [Debugger] msiexec.exe
IFEO\ess_trial32_rus.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstaller.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstallerUpg.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstaller_IS-ESTORE-TRIAL-GLOBAL_.exe: [Debugger] msiexec.exe
IFEO\FRST.exe: [Debugger] msiexec.exe
IFEO\FRST64.exe: [Debugger] msiexec.exe
IFEO\HijackThis.exe: [Debugger] msiexec.exe
IFEO\HousecallLauncher.exe: [Debugger] msiexec.exe
IFEO\K7UltimateSecurity_installer.exe: [Debugger] msiexec.exe
IFEO\McAfeeSetup.exe: [Debugger] msiexec.exe
IFEO\md_setup_en.exe: [Debugger] msiexec.exe
IFEO\OnlineArmorSetup.exe: [Debugger] msiexec.exe
IFEO\OutpostSecuritySuiteProInstall.exe: [Debugger] msiexec.exe
IFEO\OutpostSecuritySuiteProInstall_x64.exe: [Debugger] msiexec.exe
IFEO\PadvishAntivirusFree.exe: [Debugger] msiexec.exe
IFEO\PandaCloudAntivirus.exe: [Debugger] msiexec.exe
IFEO\ProcessHacker.exe: [Debugger] msiexec.exe
IFEO\procexp.exe: [Debugger] msiexec.exe
IFEO\PSafeAntivirusSetup.exe: [Debugger] msiexec.exe
IFEO\PSafeTotalSetup.exe: [Debugger] msiexec.exe
IFEO\QHTSFT64.EXE: [Debugger] msiexec.exe
IFEO\registry-life-setup.exe: [Debugger] msiexec.exe
IFEO\Roboscan_IS_Free_x64.exe: [Debugger] msiexec.exe
IFEO\SandboxieInstall.exe: [Debugger] msiexec.exe
IFEO\SecurityScan_Release.exe: [Debugger] msiexec.exe
IFEO\setup-vipre-internet-security-en-us-trial.exe: [Debugger] msiexec.exe
IFEO\SoftonicDownloader_for_panda-antivirus-pro.exe: [Debugger] msiexec.exe
IFEO\SpyShelter.exe: [Debugger] msiexec.exe
IFEO\stop-sign_install.exe: [Debugger] msiexec.exe
IFEO\Tiranium_antivirus_setup.exe: [Debugger] msiexec.exe
IFEO\TrojanHunterSetup.exe: [Debugger] msiexec.exe
IFEO\twister8_setup.exe: [Debugger] msiexec.exe
IFEO\UnThreatProSetup.exe: [Debugger] msiexec.exe
IFEO\Vba32.Vista.exe: [Debugger] msiexec.exe
IFEO\Wireshark.exe: [Debugger] msiexec.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk [2015-10-07]
ShortcutTarget: Start.lnk -> D:\RFID\5.Start\Start.bat ()
BootExecute: autocheck autochk * C:\Windows\Temp:1
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{87C50C27-9EC5-4670-81EA-E106C93FA55A}: [NameServer] 8.8.8.8,196.46.104.2
Tcpip\..\Interfaces\{A3F590B9-EB91-4C80-BC14-3EF5A9A59D51}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-2966851551-1307263621-31438361-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f6hnh96x.default-1415178779253
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: NetDvr_Plugins -> C:\Program Files (x86)\NetDvr\Plugins\npDvr.dll [2012-03-07] (DVR)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [487424 2013-01-25] (Microsoft Corporation)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [615584 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3857272 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-11-20] (AVG Technologies CZ, s.r.o.)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avp.exe [194000 2015-07-07] (Kaspersky Lab ZAO)
R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe [1994096 2012-01-23] (Symantec Corporation)
R2 bedbg; C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe [353648 2012-01-12] (Symantec Corporation)
R2 BitplusService; C:\Bitplus\CommMaster\WinService.exe [139264 2012-01-06] (Bitplus Solution Ltd) [File not signed]
S4 CIMnotify; C:\Windows\system32\CIMntfy\cimntfy.exe [269152 2011-03-09] (Hewlett-Packard Company)
R2 Cissesrv; C:\Program Files\HP\Cissesrv\cissesrv.exe [174592 2011-03-08] (Hewlett-Packard Company) [File not signed]
R2 CpqRcmc3; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [274024 2010-11-19] (Hewlett-Packard Company)
R2 cpqvcagent; C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe [1356288 2011-02-18] (Hewlett-Packard Company) [File not signed]
S2 CqMgHost; C:\Windows\system32\CpqMgmt\cqmghost\cqmghost.exe [16224 2011-03-09] (Hewlett-Packard Company)
R2 CqMgServ; C:\Windows\system32\CpqMgmt\cqmgserv\cqmgserv.exe [15976 2011-02-03] (Hewlett-Packard Company)
R2 Dfs; C:\Windows\system32\dfssvc.exe [377344 2010-11-21] (Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [4518400 2010-11-21] (Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [696832 2011-12-26] (Microsoft Corporation)
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 HPWMISTOR; C:\Program Files\HPWBEM\Storage\Service\HPWMISTOR.exe [20992 2011-01-06] (Hewlett-Packard Company) [File not signed]
R2 IsmServ; C:\Windows\System32\ismserv.exe [59392 2010-11-21] (Microsoft Corporation)
R2 kdc; C:\Windows\System32\lsass.exe [31232 2015-05-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218040 2012-06-12] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation)
S2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538744 2012-06-12] (Microsoft Corporation)
R2 NTDS; C:\Windows\System32\lsass.exe [31232 2015-05-25] (Microsoft Corporation)
S4 NtFrs; C:\Windows\system32\ntfrs.exe [1020416 2010-11-21] (Microsoft Corporation)
S3 PDVFSService; C:\Program Files\Symantec\Backup Exec\RAWS\PDVFSService.exe [301720 2012-03-30] ()
R2 ProLiantMonitor; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [274024 2010-11-19] (Hewlett-Packard Company)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348472 2012-06-12] (Microsoft Corporation)
S3 rqs; C:\Windows\system32\rqs.exe [41472 2010-11-21] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation)
R2 sysdown; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [274024 2010-11-19] (Hewlett-Packard Company)
R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [2065408 2011-01-28] (Hewlett-Packard Company) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2210816 2009-06-24] (ATI Technologies Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [256432 2015-11-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-07] (Kaspersky Lab UK Ltd)
S3 CPQTeam; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2011-01-26] (Hewlett-Packard Company)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [51776 2009-07-14] (Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [66944 2010-11-21] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 HpCISSs2; C:\Windows\System32\DRIVERS\HpCISSs2.sys [157288 2010-08-10] (Hewlett-Packard Company)
R3 hpqilo3chif; C:\Windows\System32\DRIVERS\hpqilo3chif.sys [43112 2010-04-28] (Hewlett-Packard Company)
R3 hpqilo3core; C:\Windows\System32\DRIVERS\hpqilo3core.sys [44136 2010-07-29] (Hewlett-Packard Company)
R0 hpqilo3whea; C:\Windows\System32\DRIVERS\hpqilo3whea.sys [18472 2010-02-12] (Hewlett-Packard Company)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-07] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-07-07] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-07-07] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-07-07] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [850608 2015-07-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-07-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-07] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-07-07] (Kaspersky Lab ZAO)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-07-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-07-07] (Kaspersky Lab ZAO)
R3 l2nd; C:\Windows\System32\DRIVERS\bxnd60a.sys [103464 2011-02-22] (Broadcom Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-18] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
U5 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 PDVFSDriver; C:\Windows\System32\drivers\pdfsd.sys [79480 2012-03-30] (Symantec Corporation)
S4 PDVFSNP; no ImagePath
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36608 2016-01-17] ()
R3 VirtFile; C:\Windows\System32\DRIVERS\VirtFile.sys [114296 2011-10-25] (Symantec Corporation)
U4 dmwappushsvc; no ImagePath
U4 WinDefend; no ImagePath
U4 wscsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-17 23:36 - 2016-01-17 23:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis1.exe
2016-01-17 23:25 - 2016-01-17 23:25 - 00003078 __RSH C:\ProgramData\ntuser.pol
2016-01-17 23:18 - 2016-01-17 23:18 - 00003022 _____ C:\Users\Administrator\Desktop\fixlist - Copy.txt
2016-01-17 21:42 - 2016-01-17 23:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\666A05D6.sys
2016-01-17 19:27 - 2016-01-17 19:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\63DE1EBE.sys
2016-01-17 14:49 - 2016-01-17 14:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2016-01-17 14:48 - 2016-01-17 14:48 - 00000896 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-01-17 14:48 - 2016-01-17 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-17 14:46 - 2016-01-18 07:30 - 00000000 ____D C:\ProgramData\MFAData
2016-01-17 14:46 - 2016-01-17 14:46 - 00000000 ___HD C:\$AVG
2016-01-17 14:46 - 2016-01-17 14:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\MFAData
2016-01-17 14:45 - 2016-01-17 14:46 - 00000000 ____D C:\ProgramData\Avg
2016-01-17 14:45 - 2016-01-17 14:46 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-17 14:39 - 2016-01-17 14:49 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg
2016-01-17 14:39 - 2016-01-17 14:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\AvgSetupLog
2016-01-17 08:22 - 2016-01-17 08:22 - 612368384 _____ C:\Users\Administrator\Desktop\Bootlog-20.pml
2016-01-17 08:22 - 2016-01-17 08:22 - 260046848 _____ C:\Users\Administrator\Desktop\Bootlog-21.pml
2016-01-17 08:21 - 2016-01-17 08:22 - 406847488 _____ C:\Users\Administrator\Desktop\Bootlog-19.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 247463936 _____ C:\Users\Administrator\Desktop\Bootlog-6.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 247463936 _____ C:\Users\Administrator\Desktop\Bootlog-5.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 230930338 _____ C:\Users\Administrator\Desktop\Bootlog-11.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 223389588 _____ C:\Users\Administrator\Desktop\Bootlog-14.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 218428165 _____ C:\Users\Administrator\Desktop\Bootlog-9.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 218103808 _____ C:\Users\Administrator\Desktop\Bootlog-12.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 218020913 _____ C:\Users\Administrator\Desktop\Bootlog-13.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 217087481 _____ C:\Users\Administrator\Desktop\Bootlog-10.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 213909504 _____ C:\Users\Administrator\Desktop\Bootlog-8.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 198651109 _____ C:\Users\Administrator\Desktop\Bootlog-15.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 196256306 _____ C:\Users\Administrator\Desktop\Bootlog-7.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 167772160 _____ C:\Users\Administrator\Desktop\Bootlog-18.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 156531330 _____ C:\Users\Administrator\Desktop\Bootlog-16.pml
2016-01-17 08:21 - 2016-01-17 08:21 - 156062926 _____ C:\Users\Administrator\Desktop\Bootlog-17.pml
2016-01-17 08:20 - 2016-01-17 08:21 - 369098752 _____ C:\Users\Administrator\Desktop\Bootlog-4.pml
2016-01-17 08:20 - 2016-01-17 08:20 - 570425344 _____ C:\Users\Administrator\Desktop\Bootlog-2.pml
2016-01-17 08:20 - 2016-01-17 08:20 - 432013312 _____ C:\Users\Administrator\Desktop\Bootlog-3.pml
2016-01-17 08:20 - 2016-01-17 08:20 - 381681664 _____ C:\Users\Administrator\Desktop\Bootlog-1.pml
2016-01-17 08:20 - 2016-01-17 08:20 - 264241152 _____ C:\Users\Administrator\Desktop\Bootlog.pml
2016-01-17 08:02 - 2016-01-17 08:02 - 00000000 ____D C:\Users\Administrator\Desktop\processmonitor
2016-01-17 08:00 - 2016-01-17 07:54 - 00967601 _____ C:\Users\Administrator\Desktop\processmonitor.zip
2016-01-17 00:57 - 2016-01-17 00:57 - 00000000 ____D C:\Windows\pss
2016-01-16 16:47 - 2016-01-16 16:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2016-01-16 16:13 - 2016-01-16 16:13 - 00039815 _____ C:\ProgramData\1452936178.bdinstall.bin
2016-01-16 14:17 - 2016-01-17 01:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\024962E9.sys
2016-01-16 00:48 - 2016-01-16 00:48 - 00032256 _____ C:\ProgramData\1452894508.bdinstall.bin
2016-01-16 00:48 - 2016-01-16 00:48 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-16 00:42 - 2016-01-18 09:25 - 00022749 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-01-16 00:41 - 2016-01-16 00:41 - 00039502 _____ C:\ProgramData\1452894073.9672.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 00028249 _____ C:\ProgramData\1452894073.4152.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 00003818 _____ C:\ProgramData\1452894073.7312.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 00002398 _____ C:\ProgramData\1452894073.9224.bin
2016-01-16 00:24 - 2016-01-16 00:24 - 00789688 _____ C:\Users\Administrator\Desktop\scan.html
2016-01-16 00:09 - 2016-01-17 07:49 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-16 00:09 - 2016-01-16 00:24 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-16 00:09 - 2016-01-16 00:09 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-01-16 00:09 - 2016-01-16 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-01-16 00:09 - 2016-01-16 00:09 - 00000000 ____D C:\Program Files\RogueKiller
2016-01-16 00:02 - 2016-01-16 00:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-16 00:02 - 2016-01-16 00:02 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-15 23:38 - 2016-01-15 23:38 - 00000987 _____ C:\Users\Administrator\Desktop\Install Kaspersky Small Office Security version 15.0.2.361.lnk
2016-01-15 23:37 - 2016-01-15 23:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-01-15 23:33 - 2016-01-17 23:09 - 00005040 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-01-15 23:33 - 2016-01-17 23:08 - 00000000 ____D C:\Users\Administrator\Desktop\rkill
2016-01-15 23:08 - 2016-01-15 23:10 - 00000000 ____D C:\Users\Administrator\Desktop\archive
2016-01-15 13:25 - 2016-01-15 13:25 - 00302011 _____ C:\Users\Administrator\Desktop\WindowsUpdateDiagnostic.diagcab
2016-01-14 15:45 - 2016-01-14 15:45 - 00000000 ____D C:\KVRT_Data
2016-01-13 16:09 - 2016-01-13 16:09 - 00084784 _____ C:\Users\ta.operator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-13 12:38 - 2016-01-13 12:38 - 00002120 _____ C:\Users\Public\Desktop\Kaspersky Small Office Security.lnk
2016-01-13 12:38 - 2016-01-13 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Small Office Security
2016-01-13 12:38 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-01-13 12:35 - 2016-01-18 08:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-13 12:35 - 2016-01-13 12:35 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-01-13 12:31 - 2015-07-07 23:49 - 00850608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2016-01-13 12:31 - 2015-07-07 23:49 - 00225976 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2016-01-13 12:31 - 2015-07-07 23:49 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2016-01-13 11:11 - 2016-01-13 11:13 - 01603184 _____ (Kaspersky Lab) C:\Users\Administrator\Downloads\ksos15.0.2.361en_8257.exe
2016-01-13 09:39 - 2016-01-13 09:39 - 00002796 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-13 09:39 - 2016-01-13 09:39 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-13 09:39 - 2016-01-13 09:39 - 00000000 ____D C:\Program Files\CCleaner
2016-01-13 09:21 - 2016-01-13 09:36 - 06805440 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup513.exe
2016-01-13 09:04 - 2016-01-13 16:07 - 00000942 __RSH C:\Users\ta.operator\ntuser.pol
2016-01-13 09:04 - 2016-01-13 16:07 - 00000000 ____D C:\Users\ta.operator
2016-01-13 09:04 - 2016-01-13 09:04 - 00001373 _____ C:\Users\ta.operator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-13 09:04 - 2016-01-13 09:04 - 00000020 ___SH C:\Users\ta.operator\ntuser.ini
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\My Documents
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\Documents\My Videos
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\Documents\My Pictures
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\Documents\My Music
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 ____D C:\Users\ta.operator\AppData\Roaming\Adobe
2016-01-13 09:04 - 2015-08-26 14:43 - 00001140 _____ C:\Users\ta.operator\Desktop\TA Master.exe - Shortcut.lnk
2016-01-13 09:04 - 2014-04-16 09:34 - 00000000 ____D C:\Users\ta.operator\AppData\Local\Google
2016-01-13 09:04 - 2013-12-05 17:03 - 00002709 _____ C:\Users\ta.operator\Desktop\CommMaster.exe.lnk
2016-01-13 09:04 - 2013-12-05 16:44 - 00001126 _____ C:\Users\ta.operator\Desktop\PayMaster TZ - Shortcut.lnk
2016-01-13 02:47 - 2016-01-13 02:47 - 00032256 _____ C:\ProgramData\1452642441.bdinstall.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 00039535 _____ C:\ProgramData\1452641293.7204.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 00028130 _____ C:\ProgramData\1452641293.8540.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 00004304 _____ C:\ProgramData\1452641293.8760.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 00003549 _____ C:\ProgramData\1452641293.7244.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 00037220 _____ C:\ProgramData\1452640700.7524.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 00001457 _____ C:\ProgramData\1452640700.7912.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 00000262 _____ C:\ProgramData\1452640700.7916.bin
2016-01-13 01:03 - 2016-01-18 09:25 - 00000000 ____D C:\FRST
2016-01-13 00:46 - 2016-01-12 23:23 - 02370560 _____ (Farbar) C:\Users\Administrator\Desktop\FRST649.exe
2016-01-13 00:33 - 2016-01-13 00:33 - 00032256 _____ C:\ProgramData\1452634385.bdinstall.bin
2016-01-13 00:30 - 2016-01-13 00:32 - 00039473 _____ C:\ProgramData\1452634200.4532.bin
2016-01-13 00:30 - 2016-01-13 00:32 - 00003518 _____ C:\ProgramData\1452634200.5828.bin
2016-01-13 00:30 - 2016-01-13 00:30 - 00028544 _____ C:\ProgramData\1452634200.7140.bin
2016-01-13 00:30 - 2016-01-13 00:30 - 00002462 _____ C:\ProgramData\1452634200.6920.bin
2016-01-13 00:28 - 2016-01-18 08:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-13 00:27 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\is-QTA0N.tmp
2016-01-13 00:27 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-12 23:58 - 2016-01-12 23:59 - 05200384 _____ (AVAST Software) C:\Users\Administrator\Downloads\aswmbr.exe
2016-01-12 23:49 - 2016-01-12 23:58 - 00975760 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.49.31_log.txt
2016-01-12 23:44 - 2016-01-12 23:47 - 00029726 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.44.53_log.txt
2016-01-12 23:19 - 2016-01-12 23:39 - 03052590 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.19.57_log.txt
2016-01-12 23:12 - 2016-01-12 23:15 - 00004758 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.12.03_log.txt
2016-01-12 23:05 - 2016-01-12 23:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-01-12 23:00 - 2016-01-12 23:06 - 00785246 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.00.00_log.txt
2016-01-12 22:28 - 2016-01-12 22:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\28492206.sys
2016-01-12 22:24 - 2016-01-12 22:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\311B1F75.sys
2016-01-12 22:24 - 2016-01-12 22:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\0B351F5F.sys
2016-01-12 21:34 - 2016-01-12 21:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\73D678A1.sys
2016-01-12 21:34 - 2016-01-12 21:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\6FC178B5.sys
2016-01-12 21:34 - 2016-01-12 21:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\49DA789E.sys
2016-01-12 21:23 - 2016-01-12 21:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\28D97070.sys
2016-01-12 10:25 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\SET2A1D.tmp
2016-01-12 10:25 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-01-12 10:19 - 2016-01-12 10:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\QuickScan
2016-01-12 10:18 - 2016-01-12 10:19 - 10447328 _____ C:\Users\Administrator\Downloads\Antivirus_Free_Edition_x64.exe
2016-01-12 09:55 - 2016-01-12 09:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2016-01-12 09:52 - 2016-01-12 09:53 - 00162208 _____ C:\Users\Administrator\Downloads\Antivirus_Free_Edition.exe
2016-01-12 09:26 - 2016-01-13 00:28 - 00000701 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-12 09:26 - 2016-01-13 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-12 09:26 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-12 09:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-12 09:18 - 2016-01-13 00:28 - 00000000 ____D C:\Malwarebytes Anti-Malware
2016-01-12 09:18 - 2016-01-12 09:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-12 08:43 - 2016-01-12 22:36 - 00000000 ____D C:\AdwCleaner
2016-01-12 08:30 - 2016-01-11 14:20 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2016-01-08 14:40 - 2016-01-08 14:40 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-01-08 13:15 - 2016-01-08 13:56 - 22908888 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-08 13:05 - 2016-01-08 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-08 12:03 - 2015-11-22 07:52 - 00001281 _____ C:\Users\Administrator\Desktop\Report Center.exe.lnk
2016-01-08 12:03 - 2015-11-22 07:52 - 00001249 _____ C:\Users\Administrator\Desktop\E-Inspector.exe.lnk
2016-01-08 12:03 - 2015-11-22 07:51 - 00001301 _____ C:\Users\Administrator\Desktop\Control Center.exe.lnk
2016-01-08 12:03 - 2015-10-07 19:56 - 00000997 _____ C:\Users\Administrator\Desktop\Start.lnk
2016-01-08 12:03 - 2015-08-26 14:43 - 00001140 _____ C:\Users\Administrator\Desktop\TA Master.exe - Shortcut.lnk
2016-01-08 12:03 - 2015-07-25 07:34 - 00001216 _____ C:\Users\Administrator\Desktop\LicencingServiceHandle.exe - Shortcut.lnk
2016-01-08 12:03 - 2014-03-26 17:26 - 00001455 _____ C:\Users\Administrator\Desktop\Google Drive.lnk
2016-01-08 12:03 - 2013-12-05 17:03 - 00002709 _____ C:\Users\Administrator\Desktop\CommMaster.exe.lnk
2016-01-08 12:03 - 2013-12-05 16:44 - 00001126 _____ C:\Users\Administrator\Desktop\PayMaster TZ - Shortcut.lnk
2016-01-08 11:18 - 2016-01-17 23:25 - 00000498 __RSH C:\Users\Administrator\ntuser.pol
2016-01-08 10:26 - 2016-01-08 10:43 - 02113152 _____ C:\Users\Administrator\Downloads\PANDAFREEAV.exe
2016-01-05 07:00 - 2016-01-05 07:00 - 00000005 _____ C:\Windows\SysWOW64\uin_v5.txt
2016-01-04 20:04 - 2016-01-04 20:04 - 00000000 _____ C:\Windows\system32\tasklist.tmp
2015-12-21 06:15 - 2015-12-21 06:15 - 00021346 _____ C:\Users\wing\Documents\MO-05936-8261584JAX.xls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-18 09:10 - 2013-12-05 17:01 - 00000196 _____ C:\Windows\ODBC.INI
2016-01-18 09:08 - 2012-09-21 12:15 - 00006944 _____ C:\Windows\system32\config\netlogon.dnb
2016-01-18 09:08 - 2012-09-21 12:15 - 00002215 _____ C:\Windows\system32\config\netlogon.dns
2016-01-18 08:47 - 2009-07-14 07:49 - 00021536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-18 08:47 - 2009-07-14 07:49 - 00021536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-18 08:43 - 2013-09-17 11:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-18 08:42 - 2009-07-14 08:10 - 01167700 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-18 08:42 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-01-18 08:40 - 2009-07-14 06:20 - 00000000 ____D C:\Windows
2016-01-18 08:33 - 2012-09-21 12:09 - 00000000 ____D C:\Windows\system32\dns
2016-01-18 08:31 - 2012-09-21 12:10 - 00000000 ____D C:\Windows\NTDS
2016-01-18 08:31 - 2009-07-14 08:06 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-18 07:34 - 2013-12-05 17:05 - 00002178 _____ C:\Windows\system32\ocxTaps.ocx
2016-01-17 23:25 - 2012-01-05 08:51 - 00000000 ___RD C:\Users\Administrator
2016-01-17 23:18 - 2009-07-14 06:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-17 18:28 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system
2016-01-17 07:53 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\tracing
2016-01-16 00:01 - 2009-07-14 07:49 - 00000000 ____D C:\Windows\ServiceProfiles
2016-01-15 13:28 - 2012-09-25 10:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-01-14 14:51 - 2012-09-21 12:03 - 00000000 ____D C:\Windows\ADWS
2016-01-13 12:38 - 2014-10-01 16:12 - 00000000 ____D C:\Users\Lori
2016-01-13 11:59 - 2012-09-20 12:43 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2016-01-13 09:46 - 2012-12-06 19:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer
2016-01-13 09:46 - 2012-01-06 00:39 - 00000000 ____D C:\Windows\Panther
2016-01-13 02:14 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Cursors
2016-01-12 23:42 - 2012-09-26 12:26 - 00000000 ____D C:\Program Files\Symantec
2016-01-12 23:42 - 2012-09-26 12:25 - 00000000 ____D C:\ProgramData\Symantec
2016-01-12 23:42 - 2012-01-05 08:55 - 00000000 ____D C:\Windows\system32\CPQNiMgt
2016-01-12 11:25 - 2013-12-05 16:55 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio Express
2016-01-08 13:14 - 2012-10-23 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-05 09:38 - 2012-09-20 10:45 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-05 07:10 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\security
2015-12-30 10:02 - 2015-09-18 05:48 - 00000049 _____ C:\Users\Administrator\Documents\LoginUser.ini
2015-12-21 05:22 - 2015-11-24 13:07 - 00000035 _____ C:\Users\wing\Documents\LoginUser.ini
 
==================== Files in the root of some directories =======
 
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2016-01-13 00:30 - 2016-01-13 00:32 - 0039473 _____ () C:\ProgramData\1452634200.4532.bin
2016-01-13 00:30 - 2016-01-13 00:32 - 0003518 _____ () C:\ProgramData\1452634200.5828.bin
2016-01-13 00:30 - 2016-01-13 00:30 - 0002462 _____ () C:\ProgramData\1452634200.6920.bin
2016-01-13 00:30 - 2016-01-13 00:30 - 0028544 _____ () C:\ProgramData\1452634200.7140.bin
2016-01-13 00:33 - 2016-01-13 00:33 - 0032256 _____ () C:\ProgramData\1452634385.bdinstall.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 0037220 _____ () C:\ProgramData\1452640700.7524.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 0001457 _____ () C:\ProgramData\1452640700.7912.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 0000262 _____ () C:\ProgramData\1452640700.7916.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0039535 _____ () C:\ProgramData\1452641293.7204.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0003549 _____ () C:\ProgramData\1452641293.7244.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0028130 _____ () C:\ProgramData\1452641293.8540.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0004304 _____ () C:\ProgramData\1452641293.8760.bin
2016-01-13 02:47 - 2016-01-13 02:47 - 0032256 _____ () C:\ProgramData\1452642441.bdinstall.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0028249 _____ () C:\ProgramData\1452894073.4152.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0003818 _____ () C:\ProgramData\1452894073.7312.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0002398 _____ () C:\ProgramData\1452894073.9224.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0039502 _____ () C:\ProgramData\1452894073.9672.bin
2016-01-16 00:48 - 2016-01-16 00:48 - 0032256 _____ () C:\ProgramData\1452894508.bdinstall.bin
2016-01-16 16:13 - 2016-01-16 16:13 - 0039815 _____ () C:\ProgramData\1452936178.bdinstall.bin
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-09 00:06
 
==================== End of FRST.txt ============================




#2 Oh My!

Posted 20 January 2016 - 09:31 PM

Greetings virtuoso and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am not familiar with Server 2008 but we will see what we can do.

Do you recognize these:

Tanzania Telecommunications Co Ltd
Bitplus Solution Ltd
D:\RFID\2.Program\Middleware


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
IFEO\Adaware_Installer.exe: [Debugger] msiexec.exe
IFEO\autoruns.exe: [Debugger] msiexec.exe
IFEO\autorunsc.exe: [Debugger] msiexec.exe
IFEO\avast_free_antivirus_setup_online.exe: [Debugger] msiexec.exe
IFEO\avast_internet_security_setup.exe: [Debugger] msiexec.exe
IFEO\avast_internet_security_setup_online.exe: [Debugger] msiexec.exe
IFEO\avast_premier_antivirus_setup_online.exe: [Debugger] msiexec.exe
IFEO\AvetixSetup.exe: [Debugger] msiexec.exe
IFEO\avira_family_protection_suite_ru.exe: [Debugger] msiexec.exe
IFEO\avira_ultimate_protection_suite_ru.exe: [Debugger] msiexec.exe
IFEO\BavPro_Setup_Mini_GL.exe: [Debugger] msiexec.exe
IFEO\bitdefender_tsecurity.exe: [Debugger] msiexec.exe
IFEO\BullGuardDownloaderBPP.exe: [Debugger] msiexec.exe
IFEO\cispremium_installer.exe: [Debugger] msiexec.exe
IFEO\ClamAVSetup.exe: [Debugger] msiexec.exe
IFEO\cureit.exe: [Debugger] msiexec.exe
IFEO\drweb-900-win-space.exe: [Debugger] msiexec.exe
IFEO\drweb-900-win.exe: [Debugger] msiexec.exe
IFEO\EmsisoftEmergencyKit.exe: [Debugger] msiexec.exe
IFEO\EmsisoftInternetSecuritySetup.exe: [Debugger] msiexec.exe
IFEO\ess_trial32_rus.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstaller.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstallerUpg.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstaller_IS-ESTORE-TRIAL-GLOBAL_.exe: [Debugger] msiexec.exe
IFEO\FRST.exe: [Debugger] msiexec.exe
IFEO\FRST64.exe: [Debugger] msiexec.exe
IFEO\HijackThis.exe: [Debugger] msiexec.exe
IFEO\HousecallLauncher.exe: [Debugger] msiexec.exe
IFEO\K7UltimateSecurity_installer.exe: [Debugger] msiexec.exe
IFEO\McAfeeSetup.exe: [Debugger] msiexec.exe
IFEO\md_setup_en.exe: [Debugger] msiexec.exe
IFEO\OnlineArmorSetup.exe: [Debugger] msiexec.exe
IFEO\OutpostSecuritySuiteProInstall.exe: [Debugger] msiexec.exe
IFEO\OutpostSecuritySuiteProInstall_x64.exe: [Debugger] msiexec.exe
IFEO\PadvishAntivirusFree.exe: [Debugger] msiexec.exe
IFEO\PandaCloudAntivirus.exe: [Debugger] msiexec.exe
IFEO\ProcessHacker.exe: [Debugger] msiexec.exe
IFEO\procexp.exe: [Debugger] msiexec.exe
IFEO\PSafeAntivirusSetup.exe: [Debugger] msiexec.exe
IFEO\PSafeTotalSetup.exe: [Debugger] msiexec.exe
IFEO\QHTSFT64.EXE: [Debugger] msiexec.exe
IFEO\registry-life-setup.exe: [Debugger] msiexec.exe
IFEO\Roboscan_IS_Free_x64.exe: [Debugger] msiexec.exe
IFEO\SandboxieInstall.exe: [Debugger] msiexec.exe
IFEO\SecurityScan_Release.exe: [Debugger] msiexec.exe
IFEO\setup-vipre-internet-security-en-us-trial.exe: [Debugger] msiexec.exe
IFEO\SoftonicDownloader_for_panda-antivirus-pro.exe: [Debugger] msiexec.exe
IFEO\SpyShelter.exe: [Debugger] msiexec.exe
IFEO\stop-sign_install.exe: [Debugger] msiexec.exe
IFEO\Tiranium_antivirus_setup.exe: [Debugger] msiexec.exe
IFEO\TrojanHunterSetup.exe: [Debugger] msiexec.exe
IFEO\twister8_setup.exe: [Debugger] msiexec.exe
IFEO\UnThreatProSetup.exe: [Debugger] msiexec.exe
IFEO\Vba32.Vista.exe: [Debugger] msiexec.exe
IFEO\Wireshark.exe: [Debugger] msiexec.exe
BootExecute: autocheck autochk * C:\Windows\Temp:1
S4 PDVFSNP; no ImagePath
U4 dmwappushsvc; no ImagePath
U4 WinDefend; no ImagePath
U4 wscsvc; no ImagePath
2016-01-13 00:30 - 2016-01-13 00:32 - 0039473 _____ () C:\ProgramData\1452634200.4532.bin
2016-01-13 00:30 - 2016-01-13 00:32 - 0003518 _____ () C:\ProgramData\1452634200.5828.bin
2016-01-13 00:30 - 2016-01-13 00:30 - 0002462 _____ () C:\ProgramData\1452634200.6920.bin
2016-01-13 00:30 - 2016-01-13 00:30 - 0028544 _____ () C:\ProgramData\1452634200.7140.bin
2016-01-13 00:33 - 2016-01-13 00:33 - 0032256 _____ () C:\ProgramData\1452634385.bdinstall.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 0037220 _____ () C:\ProgramData\1452640700.7524.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 0001457 _____ () C:\ProgramData\1452640700.7912.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 0000262 _____ () C:\ProgramData\1452640700.7916.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0039535 _____ () C:\ProgramData\1452641293.7204.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0003549 _____ () C:\ProgramData\1452641293.7244.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0028130 _____ () C:\ProgramData\1452641293.8540.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0004304 _____ () C:\ProgramData\1452641293.8760.bin
2016-01-13 02:47 - 2016-01-13 02:47 - 0032256 _____ () C:\ProgramData\1452642441.bdinstall.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0028249 _____ () C:\ProgramData\1452894073.4152.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0003818 _____ () C:\ProgramData\1452894073.7312.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0002398 _____ () C:\ProgramData\1452894073.9224.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0039502 _____ () C:\ProgramData\1452894073.9672.bin
2016-01-16 00:48 - 2016-01-16 00:48 - 0032256 _____ () C:\ProgramData\1452894508.bdinstall.bin
2016-01-16 16:13 - 2016-01-16 16:13 - 0039815 _____ () C:\ProgramData\1452936178.bdinstall.bin
2016-01-12 10:25 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\SET2A1D.tmp
2016-01-04 20:04 - 2016-01-04 20:04 - 00000000 _____ C:\Windows\system32\tasklist.tmp
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun FRST making sure to place a check mark in Addition.txt and post both reports
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Do you recognize information?
  • FRST report
  • Addition.txt report
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
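
The fixlist in the post above is dominated by two persistence patterns: one Debugger value repeated across many IFEO image names, and a BootExecute value that goes beyond the Windows default. As an added example (not part of either post and not FRST's own code), this Python script triages lines in the FRST format quoted in this thread; the sample lines are constructed, and the function names, the myservice.exe entry and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Windows ships BootExecute with only this entry; anything after it deserves a look.
DEFAULT_BOOT_EXECUTE = "autocheck autochk *"

# Line shapes as they appear in the FRST output quoted in this thread.
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
BOOT_RE = re.compile(r"^BootExecute: (?P<value>.+)$")

# Constructed sample (not copied from a real log). The myservice.exe line is a
# hypothetical developer-set debugger, included to show a non-flagged entry.
SAMPLE = r"""
IFEO\autoruns.exe: [Debugger] msiexec.exe
IFEO\FRST64.exe: [Debugger] msiexec.exe
IFEO\procexp.exe: [Debugger] msiexec.exe
IFEO\myservice.exe: [Debugger] C:\Tools\windbg.exe
BootExecute: autocheck autochk * C:\Windows\Temp:1
S4 PDVFSNP; no ImagePath
"""


def has_stream_suffix(path):
    """True if the path names an NTFS alternate data stream,
    i.e. it contains a ':' other than the drive-letter colon."""
    rest = path[2:] if re.match(r"^[A-Za-z]:", path) else path
    return ":" in rest


def triage(lines, mass_threshold=3):
    """Group IFEO Debugger entries by debugger value and inspect BootExecute.

    mass_ifeo:    debugger values attached to >= mass_threshold image names
                  (one unrelated program set as 'debugger' for many tools
                  stops all of them from launching).
    single_ifeo:  the remaining IFEO entries, for manual review.
    boot_execute: anything present beyond the default entry, with a flag
                  when it points at an alternate data stream.
    """
    by_debugger = defaultdict(list)
    boot_findings = []

    for raw in lines:
        line = raw.strip()

        m = IFEO_RE.match(line)
        if m:
            by_debugger[m["debugger"].strip().lower()].append(m["image"])
            continue

        m = BOOT_RE.match(line)
        if m:
            value = m["value"].strip()
            # Assumption: FRST prints the multi-string value joined by spaces,
            # as in the BootExecute line quoted in this thread.
            if value.startswith(DEFAULT_BOOT_EXECUTE):
                extra = value[len(DEFAULT_BOOT_EXECUTE):].strip()
            else:
                extra = value
            if extra:
                boot_findings.append(
                    {"extra": extra, "ads": has_stream_suffix(extra)}
                )

    mass = {d: imgs for d, imgs in by_debugger.items() if len(imgs) >= mass_threshold}
    single = {d: imgs for d, imgs in by_debugger.items() if len(imgs) < mass_threshold}
    return {"mass_ifeo": mass, "single_ifeo": single, "boot_execute": boot_findings}


if __name__ == "__main__":
    report = triage(SAMPLE.splitlines())
    for debugger, images in report["mass_ifeo"].items():
        print(f"[!] {len(images)} images redirected to '{debugger}': {', '.join(images)}")
    for debugger, images in report["single_ifeo"].items():
        print(f"[?] review: {', '.join(images)} -> {debugger}")
    for item in report["boot_execute"]:
        tag = " (alternate data stream)" if item["ads"] else ""
        print(f"[!] non-default BootExecute entry: {item['extra']}{tag}")
```
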

#3 virtuoso

Posted 22 January 2016 - 11:45 PM

Hi Gary,
 
I am Kevin. Thanks for the help. 
 
Firstly, yes, I do recognize the below apps.
 
Tanzania Telecommunications Co Ltd
Bitplus Solution Ltd
D:\RFID\2.Program\Middleware
 
Those are custom software that we purchased.
 
Fixlog Report : 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by administrator (2016-01-22 09:03:18) Run:7
Running from C:\Users\Administrator\Desktop
Loaded Profiles: ta.operator & administrator & MsDtsServer110 & ReportServer (Available Profiles: wing & polly & updater & ta.operator & administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER & Classic .NET AppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
IFEO\Adaware_Installer.exe: [Debugger] msiexec.exe
IFEO\autoruns.exe: [Debugger] msiexec.exe
IFEO\autorunsc.exe: [Debugger] msiexec.exe
IFEO\avast_free_antivirus_setup_online.exe: [Debugger] msiexec.exe
IFEO\avast_internet_security_setup.exe: [Debugger] msiexec.exe
IFEO\avast_internet_security_setup_online.exe: [Debugger] msiexec.exe
IFEO\avast_premier_antivirus_setup_online.exe: [Debugger] msiexec.exe
IFEO\AvetixSetup.exe: [Debugger] msiexec.exe
IFEO\avira_family_protection_suite_ru.exe: [Debugger] msiexec.exe
IFEO\avira_ultimate_protection_suite_ru.exe: [Debugger] msiexec.exe
IFEO\BavPro_Setup_Mini_GL.exe: [Debugger] msiexec.exe
IFEO\bitdefender_tsecurity.exe: [Debugger] msiexec.exe
IFEO\BullGuardDownloaderBPP.exe: [Debugger] msiexec.exe
IFEO\cispremium_installer.exe: [Debugger] msiexec.exe
IFEO\ClamAVSetup.exe: [Debugger] msiexec.exe
IFEO\cureit.exe: [Debugger] msiexec.exe
IFEO\drweb-900-win-space.exe: [Debugger] msiexec.exe
IFEO\drweb-900-win.exe: [Debugger] msiexec.exe
IFEO\EmsisoftEmergencyKit.exe: [Debugger] msiexec.exe
IFEO\EmsisoftInternetSecuritySetup.exe: [Debugger] msiexec.exe
IFEO\ess_trial32_rus.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstaller.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstallerUpg.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstaller_IS-ESTORE-TRIAL-GLOBAL_.exe: [Debugger] msiexec.exe
IFEO\FRST.exe: [Debugger] msiexec.exe
IFEO\FRST64.exe: [Debugger] msiexec.exe
IFEO\HijackThis.exe: [Debugger] msiexec.exe
IFEO\HousecallLauncher.exe: [Debugger] msiexec.exe
IFEO\K7UltimateSecurity_installer.exe: [Debugger] msiexec.exe
IFEO\McAfeeSetup.exe: [Debugger] msiexec.exe
IFEO\md_setup_en.exe: [Debugger] msiexec.exe
IFEO\OnlineArmorSetup.exe: [Debugger] msiexec.exe
IFEO\OutpostSecuritySuiteProInstall.exe: [Debugger] msiexec.exe
IFEO\OutpostSecuritySuiteProInstall_x64.exe: [Debugger] msiexec.exe
IFEO\PadvishAntivirusFree.exe: [Debugger] msiexec.exe
IFEO\PandaCloudAntivirus.exe: [Debugger] msiexec.exe
IFEO\ProcessHacker.exe: [Debugger] msiexec.exe
IFEO\procexp.exe: [Debugger] msiexec.exe
IFEO\PSafeAntivirusSetup.exe: [Debugger] msiexec.exe
IFEO\PSafeTotalSetup.exe: [Debugger] msiexec.exe
IFEO\QHTSFT64.EXE: [Debugger] msiexec.exe
IFEO\registry-life-setup.exe: [Debugger] msiexec.exe
IFEO\Roboscan_IS_Free_x64.exe: [Debugger] msiexec.exe
IFEO\SandboxieInstall.exe: [Debugger] msiexec.exe
IFEO\SecurityScan_Release.exe: [Debugger] msiexec.exe
IFEO\setup-vipre-internet-security-en-us-trial.exe: [Debugger] msiexec.exe
IFEO\SoftonicDownloader_for_panda-antivirus-pro.exe: [Debugger] msiexec.exe
IFEO\SpyShelter.exe: [Debugger] msiexec.exe
IFEO\stop-sign_install.exe: [Debugger] msiexec.exe
IFEO\Tiranium_antivirus_setup.exe: [Debugger] msiexec.exe
IFEO\TrojanHunterSetup.exe: [Debugger] msiexec.exe
IFEO\twister8_setup.exe: [Debugger] msiexec.exe
IFEO\UnThreatProSetup.exe: [Debugger] msiexec.exe
IFEO\Vba32.Vista.exe: [Debugger] msiexec.exe
IFEO\Wireshark.exe: [Debugger] msiexec.exe
BootExecute: autocheck autochk * C:\Windows\Temp:1
S4 PDVFSNP; no ImagePath
U4 dmwappushsvc; no ImagePath
U4 WinDefend; no ImagePath
U4 wscsvc; no ImagePath
2016-01-13 00:30 - 2016-01-13 00:32 - 0039473 _____ () C:\ProgramData\1452634200.4532.bin
2016-01-13 00:30 - 2016-01-13 00:32 - 0003518 _____ () C:\ProgramData\1452634200.5828.bin
2016-01-13 00:30 - 2016-01-13 00:30 - 0002462 _____ () C:\ProgramData\1452634200.6920.bin
2016-01-13 00:30 - 2016-01-13 00:30 - 0028544 _____ () C:\ProgramData\1452634200.7140.bin
2016-01-13 00:33 - 2016-01-13 00:33 - 0032256 _____ () C:\ProgramData\1452634385.bdinstall.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 0037220 _____ () C:\ProgramData\1452640700.7524.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 0001457 _____ () C:\ProgramData\1452640700.7912.bin
2016-01-13 02:18 - 2016-01-13 02:18 - 0000262 _____ () C:\ProgramData\1452640700.7916.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0039535 _____ () C:\ProgramData\1452641293.7204.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0003549 _____ () C:\ProgramData\1452641293.7244.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0028130 _____ () C:\ProgramData\1452641293.8540.bin
2016-01-13 02:28 - 2016-01-13 02:28 - 0004304 _____ () C:\ProgramData\1452641293.8760.bin
2016-01-13 02:47 - 2016-01-13 02:47 - 0032256 _____ () C:\ProgramData\1452642441.bdinstall.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0028249 _____ () C:\ProgramData\1452894073.4152.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0003818 _____ () C:\ProgramData\1452894073.7312.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0002398 _____ () C:\ProgramData\1452894073.9224.bin
2016-01-16 00:41 - 2016-01-16 00:41 - 0039502 _____ () C:\ProgramData\1452894073.9672.bin
2016-01-16 00:48 - 2016-01-16 00:48 - 0032256 _____ () C:\ProgramData\1452894508.bdinstall.bin
2016-01-16 16:13 - 2016-01-16 16:13 - 0039815 _____ () C:\ProgramData\1452936178.bdinstall.bin
2016-01-12 10:25 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\SET2A1D.tmp
2016-01-04 20:04 - 2016-01-04 20:04 - 00000000 _____ C:\Windows\system32\tasklist.tmp
*****************
 
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Adaware_Installer.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\autoruns.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\autorunsc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avast_free_antivirus_setup_online.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avast_internet_security_setup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avast_internet_security_setup_online.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avast_premier_antivirus_setup_online.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvetixSetup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avira_family_protection_suite_ru.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avira_ultimate_protection_suite_ru.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BavPro_Setup_Mini_GL.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitdefender_tsecurity.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\BullGuardDownloaderBPP.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cispremium_installer.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ClamAVSetup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cureit.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\drweb-900-win-space.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\drweb-900-win.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EmsisoftEmergencyKit.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EmsisoftInternetSecuritySetup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ess_trial32_rus.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\F-SecureNetworkInstaller.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\F-SecureNetworkInstallerUpg.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\F-SecureNetworkInstaller_IS-ESTORE-TRIAL-GLOBAL_.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FRST.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\FRST64.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HijackThis.exe => key not found. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\HousecallLauncher.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\K7UltimateSecurity_installer.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\McAfeeSetup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\md_setup_en.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OnlineArmorSetup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OutpostSecuritySuiteProInstall.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OutpostSecuritySuiteProInstall_x64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PadvishAntivirusFree.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PandaCloudAntivirus.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ProcessHacker.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\procexp.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSafeAntivirusSetup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\PSafeTotalSetup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\QHTSFT64.EXE" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\registry-life-setup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Roboscan_IS_Free_x64.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SandboxieInstall.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SecurityScan_Release.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\setup-vipre-internet-security-en-us-trial.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SoftonicDownloader_for_panda-antivirus-pro.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SpyShelter.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stop-sign_install.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Tiranium_antivirus_setup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\TrojanHunterSetup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\twister8_setup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UnThreatProSetup.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Vba32.Vista.exe" => key removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Wireshark.exe => key not found. 
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
PDVFSNP => service removed successfully
dmwappushsvc => service removed successfully
WinDefend => service removed successfully
wscsvc => service removed successfully
C:\ProgramData\1452634200.4532.bin => moved successfully
C:\ProgramData\1452634200.5828.bin => moved successfully
C:\ProgramData\1452634200.6920.bin => moved successfully
C:\ProgramData\1452634200.7140.bin => moved successfully
C:\ProgramData\1452634385.bdinstall.bin => moved successfully
C:\ProgramData\1452640700.7524.bin => moved successfully
C:\ProgramData\1452640700.7912.bin => moved successfully
C:\ProgramData\1452640700.7916.bin => moved successfully
C:\ProgramData\1452641293.7204.bin => moved successfully
C:\ProgramData\1452641293.7244.bin => moved successfully
C:\ProgramData\1452641293.8540.bin => moved successfully
C:\ProgramData\1452641293.8760.bin => moved successfully
C:\ProgramData\1452642441.bdinstall.bin => moved successfully
C:\ProgramData\1452894073.4152.bin => moved successfully
C:\ProgramData\1452894073.7312.bin => moved successfully
C:\ProgramData\1452894073.9224.bin => moved successfully
C:\ProgramData\1452894073.9672.bin => moved successfully
C:\ProgramData\1452894508.bdinstall.bin => moved successfully
C:\ProgramData\1452936178.bdinstall.bin => moved successfully
C:\Windows\system32\Drivers\SET2A1D.tmp => moved successfully
C:\Windows\system32\tasklist.tmp => moved successfully
 
==== End of Fixlog 09:03:19 ====


#4 virtuoso

Posted 22 January 2016 - 11:48 PM

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by administrator (administrator) on MEA-HV1 (22-01-2016 09:04:36)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: ta.operator & administrator & MsDtsServer110 & ReportServer (Available Profiles: wing & polly & updater & ta.operator & administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER & Classic .NET AppPool)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe
(Bitplus Solution Ltd) C:\Bitplus\CommMaster\WinService.exe
(Hewlett-Packard Company) C:\Program Files\HP\Cissesrv\cissesrv.exe
(Hewlett-Packard Company) C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
(Microsoft Corporation) C:\Windows\System32\dns.exe
(Hewlett-Packard Company) C:\Program Files\HPWBEM\Storage\Service\hpwmistor.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\smhstart.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgserv\cqmgserv.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files\HP\NCU\cpqteam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Windows\System32\iashost.exe
() C:\Bitplus\CommMaster\DownloadData.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Bitplus Solutions Ltd) C:\Bitplus\PayMaster\TA Master.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\Administrator\Desktop\FRST649.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CPQTEAM] => C:\Program Files\HP\NCU\cpqteam.exe [73728 2011-02-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X]
HKU\S-1-5-21-2966851551-1307263621-31438361-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-2966851551-1307263621-31438361-500\...\Policies\Explorer: [HideSCAHealth] 1
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{87C50C27-9EC5-4670-81EA-E106C93FA55A}: [NameServer] 8.8.8.8,196.46.104.2
Tcpip\..\Interfaces\{A3F590B9-EB91-4C80-BC14-3EF5A9A59D51}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-2966851551-1307263621-31438361-1157\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardUser.htm
HKU\S-1-5-21-2966851551-1307263621-31438361-500\Software\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/HardAdmin.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f6hnh96x.default-1415178779253
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: NetDvr_Plugins -> C:\Program Files (x86)\NetDvr\Plugins\npDvr.dll [2012-03-07] (DVR)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"360AntiHacker" => service was unlocked. <===== ATTENTION
"360AvFlt" => service was unlocked. <===== ATTENTION
"360Box" => service was unlocked. <===== ATTENTION
"360Box64" => service was unlocked. <===== ATTENTION
"360Camera" => service was unlocked. <===== ATTENTION
"360fsflt" => service was unlocked. <===== ATTENTION
"360rp" => service was unlocked. <===== ATTENTION
"360SelfProtection" => service was unlocked. <===== ATTENTION
"a2acc" => service was unlocked. <===== ATTENTION
"a2AntiMalware" => service was unlocked. <===== ATTENTION
"A2DDA" => service was unlocked. <===== ATTENTION
"a2injectiondriver" => service was unlocked. <===== ATTENTION
"a2util" => service was unlocked. <===== ATTENTION
"AAVScan" => service was unlocked. <===== ATTENTION
"AAVService" => service was unlocked. <===== ATTENTION
"ABConfSV" => service was unlocked. <===== ATTENTION
"ABFLT" => service was unlocked. <===== ATTENTION
"ABMainSV" => service was unlocked. <===== ATTENTION
"ABndis" => service was unlocked. <===== ATTENTION
"ABndisMP" => service was unlocked. <===== ATTENTION
"ABWFP" => service was unlocked. <===== ATTENTION
"acssrv" => service was unlocked. <===== ATTENTION
"AFW" => service was unlocked. <===== ATTENTION
"afwcore" => service was unlocked. <===== ATTENTION
"AhnActNt" => service was unlocked. <===== ATTENTION
"AhnFlt2K" => service was unlocked. <===== ATTENTION
"AhnRec2K" => service was unlocked. <===== ATTENTION
"AhnRghNt" => service was unlocked. <===== ATTENTION
"AhnSZE" => service was unlocked. <===== ATTENTION
"ALE_NF" => service was unlocked. <===== ATTENTION
"AmFSM" => service was unlocked. <===== ATTENTION
"Amnpardaz Filter" => service was unlocked. <===== ATTENTION
"AMonLWLH" => service was unlocked. <===== ATTENTION
"AMonTDLH" => service was unlocked. <===== ATTENTION
"Amsp" => service was unlocked. <===== ATTENTION
"AntiVirMailService" => service was unlocked. <===== ATTENTION
"AntiVirSchedulerService" => service was unlocked. <===== ATTENTION
"AntiVirService" => service was unlocked. <===== ATTENTION
"AntiVirWebService" => service was unlocked. <===== ATTENTION
"APPFLT" => service was unlocked. <===== ATTENTION
"Application Updater" => service was unlocked. <===== ATTENTION
"apspDriver" => service was unlocked. <===== ATTENTION
"ArcaRemoteService" => service was unlocked. <===== ATTENTION
"arcawfp" => service was unlocked. <===== ATTENTION
"asd2fsm" => service was unlocked. <===== ATTENTION
"ASD2Svc" => service was unlocked. <===== ATTENTION
"Asdids" => service was unlocked. <===== ATTENTION
"aswHwid" => service was unlocked. <===== ATTENTION
"aswMonFlt" => service was unlocked. <===== ATTENTION
"aswNdis" => service was unlocked. <===== ATTENTION
"aswNdis2" => service was unlocked. <===== ATTENTION
"aswNdisFlt" => service was unlocked. <===== ATTENTION
"aswRdr" => service was unlocked. <===== ATTENTION
"aswRvrt" => service was unlocked. <===== ATTENTION
"aswSnx" => service was unlocked. <===== ATTENTION
"aswSP" => service was unlocked. <===== ATTENTION
"aswStm" => service was unlocked. <===== ATTENTION
"aswTdi" => service was unlocked. <===== ATTENTION
"aswUpdSv" => service was unlocked. <===== ATTENTION
"aswVmm" => service was unlocked. <===== ATTENTION
"ASZFltNt" => service was unlocked. <===== ATTENTION
"ATamptNt_V3IS80" => service was unlocked. <===== ATTENTION
"avasdmft" => service was unlocked. <===== ATTENTION
"avast! Antivirus" => service was unlocked. <===== ATTENTION
"avast! Firewall" => service was unlocked. <===== ATTENTION
"avast! Mail Scanner" => service was unlocked. <===== ATTENTION
"avast! Web Scanner" => service was unlocked. <===== ATTENTION
"avas_service" => service was unlocked. <===== ATTENTION
"AVBackup" => service was unlocked. <===== ATTENTION
"avc3" => service was unlocked. <===== ATTENTION
"avchv" => service was unlocked. <===== ATTENTION
"avckf" => service was unlocked. <===== ATTENTION
"avetixBC" => service was unlocked. <===== ATTENTION
"AvetixGuardService" => service was unlocked. <===== ATTENTION
"AvetixMonitorService" => service was unlocked. <===== ATTENTION
"AvetixOnAccess" => service was unlocked. <===== ATTENTION
"avetixSP" => service was unlocked. <===== ATTENTION
"AvetixUpdateService" => service was unlocked. <===== ATTENTION
"Avg" => service was unlocked. <===== ATTENTION
"Avgboota" => service was unlocked. <===== ATTENTION
"Avgbootx" => service was unlocked. <===== ATTENTION
"Avgdiska" => service was unlocked. <===== ATTENTION
"Avgdiskx" => service was unlocked. <===== ATTENTION
"Avgfwdx" => service was unlocked. <===== ATTENTION
"Avgfwfd" => service was unlocked. <===== ATTENTION
"avgfws" => service was unlocked. <===== ATTENTION
"AVGIDSAgent" => service was unlocked. <===== ATTENTION
"AVGIDSDriver" => service was unlocked. <===== ATTENTION
"AVGIDSDriverl" => service was unlocked. <===== ATTENTION
"AVGIDSHA" => service was unlocked. <===== ATTENTION
"AVGIDSHX" => service was unlocked. <===== ATTENTION
"AVGIDSShim" => service was unlocked. <===== ATTENTION
"Avgldx64" => service was unlocked. <===== ATTENTION
"Avgldx86" => service was unlocked. <===== ATTENTION
"Avgloga" => service was unlocked. <===== ATTENTION
"Avglogx" => service was unlocked. <===== ATTENTION
"Avgmfx64" => service was unlocked. <===== ATTENTION
"Avgmfx86" => service was unlocked. <===== ATTENTION
"avgntflt" => service was unlocked. <===== ATTENTION
"Avgrkx64" => service was unlocked. <===== ATTENTION
"Avgrkx86" => service was unlocked. <===== ATTENTION
"Avgtdia" => service was unlocked. <===== ATTENTION
"Avgtdix" => service was unlocked. <===== ATTENTION
"avgwd" => service was unlocked. <===== ATTENTION
"Avgwfpa" => service was unlocked. <===== ATTENTION
"Avgwfpx" => service was unlocked. <===== ATTENTION
"avipbb" => service was unlocked. <===== ATTENTION
"avkmgr" => service was unlocked. <===== ATTENTION
"AVKProxy" => service was unlocked. <===== ATTENTION
"AVKService" => service was unlocked. <===== ATTENTION
"AVKWCtl" => service was unlocked. <===== ATTENTION
"avnetflt" => service was unlocked. <===== ATTENTION
"AVP" => service was unlocked. <===== ATTENTION
"AVP15.0.0" => service was unlocked. <===== ATTENTION
"AVTasks2" => service was unlocked. <===== ATTENTION
"AVUpdate" => service was unlocked. <===== ATTENTION
"BAPIDRV" => service was unlocked. <===== ATTENTION
"BAVSvc" => service was unlocked. <===== ATTENTION
"Bcfilter" => service was unlocked. <===== ATTENTION
"BcfilterMP" => service was unlocked. <===== ATTENTION
"bcfsrm" => service was unlocked. <===== ATTENTION
"bcftdi" => service was unlocked. <===== ATTENTION
"bc_hash_f" => service was unlocked. <===== ATTENTION
"bc_ip_f" => service was unlocked. <===== ATTENTION
"bc_ngn" => service was unlocked. <===== ATTENTION
"bc_pat_f" => service was unlocked. <===== ATTENTION
"bc_prt_f" => service was unlocked. <===== ATTENTION
"bc_tdi_f" => service was unlocked. <===== ATTENTION
"BdAgent" => service was unlocked. <===== ATTENTION
"BdApiUtil" => service was unlocked. <===== ATTENTION
"BdCameraProtect" => service was unlocked. <===== ATTENTION
"BdDesktopParental" => service was unlocked. <===== ATTENTION
"bdelam" => service was unlocked. <===== ATTENTION
"Bdfndisf" => service was unlocked. <===== ATTENTION
"bdfsfltr" => service was unlocked. <===== ATTENTION
"bdftdif" => service was unlocked. <===== ATTENTION
"bdfwfpf" => service was unlocked. <===== ATTENTION
"bdfwfpf_pc" => service was unlocked. <===== ATTENTION
"BdNet" => service was unlocked. <===== ATTENTION
"BDSandBox" => service was unlocked. <===== ATTENTION
"bdselfpr" => service was unlocked. <===== ATTENTION
"bdsflt" => service was unlocked. <===== ATTENTION
"bdsnm" => service was unlocked. <===== ATTENTION
"BdSpy" => service was unlocked. <===== ATTENTION
"BDVEDISK" => service was unlocked. <===== ATTENTION
"Behavior Detection System" => service was unlocked. <===== ATTENTION
"Bfilter" => service was unlocked. <===== ATTENTION
"Bfmon" => service was unlocked. <===== ATTENTION
"Bhbase" => service was unlocked. <===== ATTENTION
"BHDrvx64" => service was unlocked. <===== ATTENTION
"BHDrvx86" => service was unlocked. <===== ATTENTION
"BHipsSvc" => service was unlocked. <===== ATTENTION
"Bnbase" => service was unlocked. <===== ATTENTION
"Bndef" => service was unlocked. <===== ATTENTION
"BNmon" => service was unlocked. <===== ATTENTION
"Bprotect" => service was unlocked. <===== ATTENTION
"BprotectEx" => service was unlocked. <===== ATTENTION
"Browser Defender Update Service" => service was unlocked. <===== ATTENTION
"BsBackup" => service was unlocked. <===== ATTENTION
"BsBhvScan" => service was unlocked. <===== ATTENTION
"BsFileScan" => service was unlocked. <===== ATTENTION
"BsFire" => service was unlocked. <===== ATTENTION
"bsfs" => service was unlocked. <===== ATTENTION
"BsMailProxy" => service was unlocked. <===== ATTENTION
"BsMain" => service was unlocked. <===== ATTENTION
"BsScanner" => service was unlocked. <===== ATTENTION
"BsUpdate" => service was unlocked. <===== ATTENTION
"CAAMSvc" => service was unlocked. <===== ATTENTION
"CaCCProvSP" => service was unlocked. <===== ATTENTION
"CAISafe" => service was unlocked. <===== ATTENTION
"catflt" => service was unlocked. <===== ATTENTION
"ccSchedulerSVC" => service was unlocked. <===== ATTENTION
"ccSettings_{3AC20362-8119-4C85-8CAC-8FC00AFA6B91}" => service was unlocked. <===== ATTENTION
"ccSet_N360" => service was unlocked. <===== ATTENTION
"ccSet_NIS" => service was unlocked. <===== ATTENTION
"ccSet_NS" => service was unlocked. <===== ATTENTION
"CdmDrvNt" => service was unlocked. <===== ATTENTION
"cfwids" => service was unlocked. <===== ATTENTION
"cleanhlp" => service was unlocked. <===== ATTENTION
"cmdAgent" => service was unlocked. <===== ATTENTION
"cmderd" => service was unlocked. <===== ATTENTION
"cmdGuard" => service was unlocked. <===== ATTENTION
"cmdHlp" => service was unlocked. <===== ATTENTION
"cmdvirth" => service was unlocked. <===== ATTENTION
"ComFiltr" => service was unlocked. <===== ATTENTION
"Core Mail Protection" => service was unlocked. <===== ATTENTION
"Core Scanning Server" => service was unlocked. <===== ATTENTION
"Core Scanning ServerEx" => service was unlocked. <===== ATTENTION
"CSCrySec" => service was unlocked. <===== ATTENTION
"CSObjectsSrv" => service was unlocked. <===== ATTENTION
"CSVirtualDiskDrv" => service was unlocked. <===== ATTENTION
"Double Anti-Spy Task Manager" => service was unlocked. <===== ATTENTION
"DrWebAVService" => service was unlocked. <===== ATTENTION
"DrWebEngine" => service was unlocked. <===== ATTENTION
"DrWebFwSvc" => service was unlocked. <===== ATTENTION
"DrWebLwf" => service was unlocked. <===== ATTENTION
"DrWebNetFilter" => service was unlocked. <===== ATTENTION
"DrWebWfp" => service was unlocked. <===== ATTENTION
"DSAFLT" => service was unlocked. <===== ATTENTION
"dsio" => service was unlocked. <===== ATTENTION
"DwDevGuard" => service was unlocked. <===== ATTENTION
"DwProt" => service was unlocked. <===== ATTENTION
"eac_notifysvc" => service was unlocked. <===== ATTENTION
"eac_productsvc" => service was unlocked. <===== ATTENTION
"eamon" => service was unlocked. <===== ATTENTION
"eamonm" => service was unlocked. <===== ATTENTION
"econceal" => service was unlocked. <===== ATTENTION
"econcealMP" => service was unlocked. <===== ATTENTION
"EconService" => service was unlocked. <===== ATTENTION
"edevmon" => service was unlocked. <===== ATTENTION
"EfiMon" => service was unlocked. <===== ATTENTION
"ehdrv" => service was unlocked. <===== ATTENTION
"EhttpSrv" => service was unlocked. <===== ATTENTION
"ekrn" => service was unlocked. <===== ATTENTION
"eLoggerSvc6" => service was unlocked. <===== ATTENTION
"EMLSS" => service was unlocked. <===== ATTENTION
"emlssx" => service was unlocked. <===== ATTENTION
"EncDisk" => service was unlocked. <===== ATTENTION
"epfw" => service was unlocked. <===== ATTENTION
"EpfwLWF" => service was unlocked. <===== ATTENTION
"Epfwndis" => service was unlocked. <===== ATTENTION
"epfwtdi" => service was unlocked. <===== ATTENTION
"epfwwfp" => service was unlocked. <===== ATTENTION
"epfwwfpr" => service was unlocked. <===== ATTENTION
"eScan Monitor Service" => service was unlocked. <===== ATTENTION
"eScan-trayicos" => service was unlocked. <===== ATTENTION
"F-Secure Gatekeeper" => service was unlocked. <===== ATTENTION
"F-Secure HIPS" => service was unlocked. <===== ATTENTION
"ffsmon" => service was unlocked. <===== ATTENTION
"fildds" => service was unlocked. <===== ATTENTION
"FileMonitor" => service was unlocked. <===== ATTENTION
"filmfd" => service was unlocked. <===== ATTENTION
"filppd" => service was unlocked. <===== ATTENTION
"FNETMON" => service was unlocked. <===== ATTENTION
"FPAVServer" => service was unlocked. <===== ATTENTION
"FPAV_RTP" => service was unlocked. <===== ATTENTION
"fsbts" => service was unlocked. <===== ATTENTION
"fshoster" => service was unlocked. <===== ATTENTION
"FSMA" => service was unlocked. <===== ATTENTION
"fsni" => service was unlocked. <===== ATTENTION
"FSORSPClient" => service was unlocked. <===== ATTENTION
"fsvista" => service was unlocked. <===== ATTENTION
"FWCore" => service was unlocked. <===== ATTENTION
"FWService" => service was unlocked. <===== ATTENTION
"GDBackupSvc" => service was unlocked. <===== ATTENTION
"GDBehave" => service was unlocked. <===== ATTENTION
"gddcd" => service was unlocked. <===== ATTENTION
"gddcv" => service was unlocked. <===== ATTENTION
"GDFwSvc" => service was unlocked. <===== ATTENTION
"GDMnIcpt" => service was unlocked. <===== ATTENTION
"GDNdisIc" => service was unlocked. <===== ATTENTION
"GDPkIcpt" => service was unlocked. <===== ATTENTION
"GDScan" => service was unlocked. <===== ATTENTION
"GDTdiInterceptor" => service was unlocked. <===== ATTENTION
"GDTunerSvc" => service was unlocked. <===== ATTENTION
"gdwfpcd" => service was unlocked. <===== ATTENTION
"gfiark" => service was unlocked. <===== ATTENTION
"gfiutil" => service was unlocked. <===== ATTENTION
"gfi_lanss11_attservice" => service was unlocked. <===== ATTENTION
"ggc" => service was unlocked. <===== ATTENTION
"GLogin" => service was unlocked. <===== ATTENTION
"gozer" => service was unlocked. <===== ATTENTION
"GuardX" => service was unlocked. <===== ATTENTION
"gzflt" => service was unlocked. <===== ATTENTION
"HipShieldK" => service was unlocked. <===== ATTENTION
"HomeNetSvc" => service was unlocked. <===== ATTENTION
"HookCentre" => service was unlocked. <===== ATTENTION
"HookPort" => service was unlocked. <===== ATTENTION
"hooksys" => service was unlocked. <===== ATTENTION
"HookTdi" => service was unlocked. <===== ATTENTION
"HyperVM" => service was unlocked. <===== ATTENTION
"IDriverT" => service was unlocked. <===== ATTENTION
"IDSFLT" => service was unlocked. <===== ATTENTION
"IDSVia64" => service was unlocked. <===== ATTENTION
"IDSVix86" => service was unlocked. <===== ATTENTION
"IMFservice" => service was unlocked. <===== ATTENTION
"ImmunetNetworkMonitorDriver" => service was unlocked. <===== ATTENTION
"ImmunetProtect" => service was unlocked. <===== ATTENTION
"ImmunetProtectDriver" => service was unlocked. <===== ATTENTION
"ImmunetSelfProtectDriver" => service was unlocked. <===== ATTENTION
"inspect" => service was unlocked. <===== ATTENTION
"ISFWEnt" => service was unlocked. <===== ATTENTION
"ISIPSEnt" => service was unlocked. <===== ATTENTION
"ISPIBEnt" => service was unlocked. <===== ATTENTION
"ISPrxEnt" => service was unlocked. <===== ATTENTION
"Jetico Personal Firewall server" => service was unlocked. <===== ATTENTION
"K7CrvSvc" => service was unlocked. <===== ATTENTION
"K7EmlPxy" => service was unlocked. <===== ATTENTION
"K7FWFilt" => service was unlocked. <===== ATTENTION
"K7FWHlpr" => service was unlocked. <===== ATTENTION
"K7FWSrvc" => service was unlocked. <===== ATTENTION
"K7PSSrvc" => service was unlocked. <===== ATTENTION
"K7RTScan" => service was unlocked. <===== ATTENTION
"K7Sentry" => service was unlocked. <===== ATTENTION
"K7SpmSrc" => service was unlocked. <===== ATTENTION
"K7TdiHlp" => service was unlocked. <===== ATTENTION
"K7TSMngr" => service was unlocked. <===== ATTENTION
"KerioMailServer" => service was unlocked. <===== ATTENTION
"khelperDriver" => service was unlocked. <===== ATTENTION
"kl1" => service was unlocked. <===== ATTENTION
"kldisk" => service was unlocked. <===== ATTENTION
"klelam" => service was unlocked. <===== ATTENTION
"klflt" => service was unlocked. <===== ATTENTION
"klhk" => service was unlocked. <===== ATTENTION
"KLIF" => service was unlocked. <===== ATTENTION
"KLIM6" => service was unlocked. <===== ATTENTION
"klpd" => service was unlocked. <===== ATTENTION
"kltdi" => service was unlocked. <===== ATTENTION
"klwfp" => service was unlocked. <===== ATTENTION
"klwtp" => service was unlocked. <===== ATTENTION
"KmxAgent" => service was unlocked. <===== ATTENTION
"KmxAMRT" => service was unlocked. <===== ATTENTION
"KmxCF" => service was unlocked. <===== ATTENTION
"KmxCfg" => service was unlocked. <===== ATTENTION
"KmxFile" => service was unlocked. <===== ATTENTION
"KmxFilter" => service was unlocked. <===== ATTENTION
"KmxFw" => service was unlocked. <===== ATTENTION
"KmxSbx" => service was unlocked. <===== ATTENTION
"KmxStart" => service was unlocked. <===== ATTENTION
"kneps" => service was unlocked. <===== ATTENTION
"kvnet" => service was unlocked. <===== ATTENTION
"kwflower" => service was unlocked. <===== ATTENTION
"kwfupper" => service was unlocked. <===== ATTENTION
"LavasoftAdAwareService11" => service was unlocked. <===== ATTENTION
"llio" => service was unlocked. <===== ATTENTION
"MBAMSwissArmy" => service was unlocked. <===== ATTENTION
"MBAMWebAccessControl" => service was unlocked. <===== ATTENTION
"McAfee SiteAdvisor Service" => service was unlocked. <===== ATTENTION
"McAPExe" => service was unlocked. <===== ATTENTION
"McComponentHostService" => service was unlocked. <===== ATTENTION
"McMPFSvc" => service was unlocked. <===== ATTENTION
"McNaiAnn" => service was unlocked. <===== ATTENTION
"McODS" => service was unlocked. <===== ATTENTION
"mcpltsvc" => service was unlocked. <===== ATTENTION
"McProxy" => service was unlocked. <===== ATTENTION
"McPvDrv" => service was unlocked. <===== ATTENTION
"McShield" => service was unlocked. <===== ATTENTION
"McTaskManager" => service was unlocked. <===== ATTENTION
"MeDCoreD_V3IS80" => service was unlocked. <===== ATTENTION
"mfeapfk" => service was unlocked. <===== ATTENTION
"mfeavfk" => service was unlocked. <===== ATTENTION
"mfebopk" => service was unlocked. <===== ATTENTION
"mfecore" => service was unlocked. <===== ATTENTION
"mfeelamk" => service was unlocked. <===== ATTENTION
"mfefire" => service was unlocked. <===== ATTENTION
"mfefirek" => service was unlocked. <===== ATTENTION
"mfehidk" => service was unlocked. <===== ATTENTION
"mfencbdc" => service was unlocked. <===== ATTENTION
"mfencrk" => service was unlocked. <===== ATTENTION
"mfevtp" => service was unlocked. <===== ATTENTION
"mfewfpk" => service was unlocked. <===== ATTENTION
"Microsoft Antimalware" => service was unlocked. <===== ATTENTION
"mksfwallf" => service was unlocked. <===== ATTENTION
"mksidsa" => service was unlocked. <===== ATTENTION
"mksidsf" => service was unlocked. <===== ATTENTION
"MksMonEn" => service was unlocked. <===== ATTENTION
"MksMonEv" => service was unlocked. <===== ATTENTION
"MksMonFd" => service was unlocked. <===== ATTENTION
"mks_services" => service was unlocked. <===== ATTENTION
"MOBKbackup" => service was unlocked. <===== ATTENTION
"MOBKFilter" => service was unlocked. <===== ATTENTION
"MpFilter" => service was unlocked. <===== ATTENTION
"mscank" => service was unlocked. <===== ATTENTION
"MSK80Service" => service was unlocked. <===== ATTENTION
"MsMpSvc" => service was unlocked. <===== ATTENTION
"MWAgent" => service was unlocked. <===== ATTENTION
"mwfsmfltr" => service was unlocked. <===== ATTENTION
"N360" => service was unlocked. <===== ATTENTION
"nanoflt" => service was unlocked. <===== ATTENTION
"nanokrn" => service was unlocked. <===== ATTENTION
"NanoServiceMain" => service was unlocked. <===== ATTENTION
"nanosvc" => service was unlocked. <===== ATTENTION
"NASS" => service was unlocked. <===== ATTENTION
"NAVENG" => service was unlocked. <===== ATTENTION
"NAVEX15" => service was unlocked. <===== ATTENTION
"Ndiskio" => service was unlocked. <===== ATTENTION
"netcontroller" => service was unlocked. <===== ATTENTION
"netfilter" => service was unlocked. <===== ATTENTION
"NETFLTDI" => service was unlocked. <===== ATTENTION
"NETIMFLT01060034" => service was unlocked. <===== ATTENTION
"NETIMFLT01060039" => service was unlocked. <===== ATTENTION
"NETIMFLT01060044" => service was unlocked. <===== ATTENTION
"NGS" => service was unlocked. <===== ATTENTION
"NHS" => service was unlocked. <===== ATTENTION
"NIG" => service was unlocked. <===== ATTENTION
"NIS" => service was unlocked. <===== ATTENTION
"NisSrv" => service was unlocked. <===== ATTENTION
"nnetsec" => service was unlocked. <===== ATTENTION
"NNetSecC" => service was unlocked. <===== ATTENTION
"NNFSVC" => service was unlocked. <===== ATTENTION
"NNSALPC" => service was unlocked. <===== ATTENTION
"NNSHTTP" => service was unlocked. <===== ATTENTION
"NNSHTTPS" => service was unlocked. <===== ATTENTION
"NNSIDS" => service was unlocked. <===== ATTENTION
"NNSNAHS" => service was unlocked. <===== ATTENTION
"NNSNAHSL" => service was unlocked. <===== ATTENTION
"NNSPICC" => service was unlocked. <===== ATTENTION
"NNSPIHS" => service was unlocked. <===== ATTENTION
"NNSPIHSW" => service was unlocked. <===== ATTENTION
"NNSPOP3" => service was unlocked. <===== ATTENTION
"NNSPROT" => service was unlocked. <===== ATTENTION
"NNSPRV" => service was unlocked. <===== ATTENTION
"NNSSMTP" => service was unlocked. <===== ATTENTION
"NNSSTRM" => service was unlocked. <===== ATTENTION
"NNSTLSC" => service was unlocked. <===== ATTENTION
"Norman NJeeves" => service was unlocked. <===== ATTENTION
"Norman ZANDA" => service was unlocked. <===== ATTENTION
"NovaShieldFilterDriver" => service was unlocked. <===== ATTENTION
"NovaShieldTDIDriver" => service was unlocked. <===== ATTENTION
"NPFSvc32" => service was unlocked. <===== ATTENTION
"NPFSvc32_Data" => service was unlocked. <===== ATTENTION
"NPROSEC" => service was unlocked. <===== ATTENTION
"NPROSECSVC" => service was unlocked. <===== ATTENTION
"npsvc32" => service was unlocked. <===== ATTENTION
"nregsec" => service was unlocked. <===== ATTENTION
"nsesvc" => service was unlocked. <===== ATTENTION
"NTGUARD" => service was unlocked. <===== ATTENTION
"NUAA" => service was unlocked. <===== ATTENTION
"NvcMFlt" => service was unlocked. <===== ATTENTION
"nvcoas" => service was unlocked. <===== ATTENTION
"nvoy" => service was unlocked. <===== ATTENTION
"OAcat" => service was unlocked. <===== ATTENTION
"OADevice" => service was unlocked. <===== ATTENTION
"oahlpXX" => service was unlocked. <===== ATTENTION
"OAmon" => service was unlocked. <===== ATTENTION
"OAnet" => service was unlocked. <===== ATTENTION
"Online Protection System" => service was unlocked. <===== ATTENTION
"Panda Software Controller" => service was unlocked. <===== ATTENTION
"pavboot" => service was unlocked. <===== ATTENTION
"PAVFNSVR" => service was unlocked. <===== ATTENTION
"PavProc" => service was unlocked. <===== ATTENTION
"PavPrSrv" => service was unlocked. <===== ATTENTION
"PAVSRV" => service was unlocked. <===== ATTENTION
"PavTPK.sys" => service was unlocked. <===== ATTENTION
"PCTBD" => service was unlocked. <===== ATTENTION
"PCTCore" => service was unlocked. <===== ATTENTION
"pctDS" => service was unlocked. <===== ATTENTION
"pctEFA" => service was unlocked. <===== ATTENTION
"pctgntdi" => service was unlocked. <===== ATTENTION
"pctplsm" => service was unlocked. <===== ATTENTION
"PCTSD" => service was unlocked. <===== ATTENTION
"PROCMON20" => service was unlocked. <===== ATTENTION
"PROCMON23" => service was unlocked. <===== ATTENTION
"ProcObsrv" => service was unlocked. <===== ATTENTION
"PSHost" => service was unlocked. <===== ATTENTION
"PSIMSVC" => service was unlocked. <===== ATTENTION
"PSINAflt" => service was unlocked. <===== ATTENTION
"PSINFile" => service was unlocked. <===== ATTENTION
"PSINKNC" => service was unlocked. <===== ATTENTION
"PSINProc" => service was unlocked. <===== ATTENTION
"PSINProt" => service was unlocked. <===== ATTENTION
"PSINReg" => service was unlocked. <===== ATTENTION
"PSKMAD" => service was unlocked. <===== ATTENTION
"PskSvcRetail" => service was unlocked. <===== ATTENTION
"PSUAService" => service was unlocked. <===== ATTENTION
"pwipf6" => service was unlocked. <===== ATTENTION
"Quick Update Service" => service was unlocked. <===== ATTENTION
"qutmdserv" => service was unlocked. <===== ATTENTION
"qutmipc" => service was unlocked. <===== ATTENTION
"RegFilter" => service was unlocked. <===== ATTENTION
"RoboFww" => service was unlocked. <===== ATTENTION
"RoboRtwIFDrv" => service was unlocked. <===== ATTENTION
"Roboscan_RTSrv" => service was unlocked. <===== ATTENTION
"Roboscan_UpdSrv" => service was unlocked. <===== ATTENTION
"rsdsys" => service was unlocked. <===== ATTENTION
"RsMgrSvc" => service was unlocked. <===== ATTENTION
"RsRavMon" => service was unlocked. <===== ATTENTION
"SafeBox" => service was unlocked. <===== ATTENTION
"SandBox" => service was unlocked. <===== ATTENTION
"SAPlus" => service was unlocked. <===== ATTENTION
"sascan" => service was unlocked. <===== ATTENTION
"sascansvc" => service was unlocked. <===== ATTENTION
"SAUAVSvc" => service was unlocked. <===== ATTENTION
"SAVAdminService" => service was unlocked. <===== ATTENTION
"SAVOnAccess" => service was unlocked. <===== ATTENTION
"SAVOnAccessControl" => service was unlocked. <===== ATTENTION
"SAVOnAccessFilter" => service was unlocked. <===== ATTENTION
"SAVService" => service was unlocked. <===== ATTENTION
"SBAMSvc" => service was unlocked. <===== ATTENTION
"sbaphd" => service was unlocked. <===== ATTENTION
"sbapifs" => service was unlocked. <===== ATTENTION
"SbFw" => service was unlocked. <===== ATTENTION
"SBFWIMCL" => service was unlocked. <===== ATTENTION
"SBFWIMCLMP" => service was unlocked. <===== ATTENTION
"sbhips" => service was unlocked. <===== ATTENTION
"SBPIMSvc" => service was unlocked. <===== ATTENTION
"sbtis" => service was unlocked. <===== ATTENTION
"sbwtis" => service was unlocked. <===== ATTENTION
"scan" => service was unlocked. <===== ATTENTION
"ScanWscS" => service was unlocked. <===== ATTENTION
"scfdriver" => service was unlocked. <===== ATTENTION
"scfndis" => service was unlocked. <===== ATTENTION
"Scheduler" => service was unlocked. <===== ATTENTION
"ScSecSvc" => service was unlocked. <===== ATTENTION
"sdAuxService" => service was unlocked. <===== ATTENTION
"sdCoreService" => service was unlocked. <===== ATTENTION
"SDScannerService" => service was unlocked. <===== ATTENTION
"SDUpdateService" => service was unlocked. <===== ATTENTION
"SDWSCService" => service was unlocked. <===== ATTENTION
"semsrv" => service was unlocked. <===== ATTENTION
"semwebsrv" => service was unlocked. <===== ATTENTION
"SepMasterService" => service was unlocked. <===== ATTENTION
"SFWCallout" => service was unlocked. <===== ATTENTION
"ShldDrv" => service was unlocked. <===== ATTENTION
"ShldFlt" => service was unlocked. <===== ATTENTION
"SKMScan" => service was unlocked. <===== ATTENTION
"Sophos AutoUpdate Service" => service was unlocked. <===== ATTENTION
"Sophos Client Firewall" => service was unlocked. <===== ATTENTION
"SophosBootDriver" => service was unlocked. <===== ATTENTION
"SpiderG3" => service was unlocked. <===== ATTENTION
"SpyEmrg" => service was unlocked. <===== ATTENTION
"SpyEmrgAccess" => service was unlocked. <===== ATTENTION
"SpyEmrgGuard" => service was unlocked. <===== ATTENTION
"SpyEmrgHealth" => service was unlocked. <===== ATTENTION
"SpyEmrgSrv" => service was unlocked. <===== ATTENTION
"Spyshelter" => service was unlocked. <===== ATTENTION
"SpyshelterKb" => service was unlocked. <===== ATTENTION
"SRTSP" => service was unlocked. <===== ATTENTION
"SRTSPX" => service was unlocked. <===== ATTENTION
"ssfwmonsvc" => service was unlocked. <===== ATTENTION
"ssmdrv" => service was unlocked. <===== ATTENTION
"sstsmonsvc" => service was unlocked. <===== ATTENTION
"StopSign Update Manager" => service was unlocked. <===== ATTENTION
"SvcOnlineArmor" => service was unlocked. <===== ATTENTION
"swi_callout" => service was unlocked. <===== ATTENTION
"swi_filter" => service was unlocked. <===== ATTENTION
"swi_service" => service was unlocked. <===== ATTENTION
"swi_update" => service was unlocked. <===== ATTENTION
"SymDS" => service was unlocked. <===== ATTENTION
"SymEFA" => service was unlocked. <===== ATTENTION
"SymELAM" => service was unlocked. <===== ATTENTION
"SymEvent" => service was unlocked. <===== ATTENTION
"SymIRON" => service was unlocked. <===== ATTENTION
"SymNetS" => service was unlocked. <===== ATTENTION
"SysPlant" => service was unlocked. <===== ATTENTION
"tdifw" => service was unlocked. <===== ATTENTION
"tdimapper" => service was unlocked. <===== ATTENTION
"tdi_nf" => service was unlocked. <===== ATTENTION
"Teefer2" => service was unlocked. <===== ATTENTION
"TfFRegNt" => service was unlocked. <===== ATTENTION
"TfProcNt" => service was unlocked. <===== ATTENTION
"TFsFlt" => service was unlocked. <===== ATTENTION
"tmactmon" => service was unlocked. <===== ATTENTION
"tmcomm" => service was unlocked. <===== ATTENTION
"TMEBC" => service was unlocked. <===== ATTENTION
"tmeevw" => service was unlocked. <===== ATTENTION
"tmel" => service was unlocked. <===== ATTENTION
"tmevtmgr" => service was unlocked. <===== ATTENTION
"tmnciesc" => service was unlocked. <===== ATTENTION
"tmtdi" => service was unlocked. <===== ATTENTION
"tmusa" => service was unlocked. <===== ATTENTION
"tpdevflt" => service was unlocked. <===== ATTENTION
"tpmgma_service" => service was unlocked. <===== ATTENTION
"TPPFHOOK" => service was unlocked. <===== ATTENTION
"tpsec" => service was unlocked. <===== ATTENTION
"TPSrv" => service was unlocked. <===== ATTENTION
"trufos" => service was unlocked. <===== ATTENTION
"TS4NT" => service was unlocked. <===== ATTENTION
"TSNxGService" => service was unlocked. <===== ATTENTION
"twssrv" => service was unlocked. <===== ATTENTION
"UmxEngine" => service was unlocked. <===== ATTENTION
"UPDATESRV" => service was unlocked. <===== ATTENTION
"UrlFilter" => service was unlocked. <===== ATTENTION
"UTSvcManager3" => service was unlocked. <===== ATTENTION
"V3 Service" => service was unlocked. <===== ATTENTION
"v3engine" => service was unlocked. <===== ATTENTION
"V3Flt2K" => service was unlocked. <===== ATTENTION
"V3Flu2k_V3IS80" => service was unlocked. <===== ATTENTION
"V3IFt2K" => service was unlocked. <===== ATTENTION
"Vba32dNT" => service was unlocked. <===== ATTENTION
"Vba32ECM" => service was unlocked. <===== ATTENTION
"Vba32ifs" => service was unlocked. <===== ATTENTION
"Vba32Ldr" => service was unlocked. <===== ATTENTION
"Vba32mNT" => service was unlocked. <===== ATTENTION
"Vba32PP3" => service was unlocked. <===== ATTENTION
"Vba32Prot" => service was unlocked. <===== ATTENTION
"VbaControlAgent" => service was unlocked. <===== ATTENTION
"VBCoreNT.0" => service was unlocked. <===== ATTENTION
"VBEngNT" => service was unlocked. <===== ATTENTION
"VBFilt" => service was unlocked. <===== ATTENTION
"viprecomsvc" => service was unlocked. <===== ATTENTION
"vrptcomn" => service was unlocked. <===== ATTENTION
"vrptself" => service was unlocked. <===== ATTENTION
"Vsdatant" => service was unlocked. <===== ATTENTION
"vsmon" => service was unlocked. <===== ATTENTION
"VSSERV" => service was unlocked. <===== ATTENTION
"webssx" => service was unlocked. <===== ATTENTION
"WinRoute" => service was unlocked. <===== ATTENTION
"wipesrv" => service was unlocked. <===== ATTENTION
"WNMFLT" => service was unlocked. <===== ATTENTION
"WRDRV" => service was unlocked. <===== ATTENTION
"WRkrn" => service was unlocked. <===== ATTENTION
"WRSVC" => service was unlocked. <===== ATTENTION
"wrUrlFlt" => service was unlocked. <===== ATTENTION
"wsnf" => service was unlocked. <===== ATTENTION
"wstif" => service was unlocked. <===== ATTENTION
"xCoreFirewallSvc" => service was unlocked. <===== ATTENTION
"xCoreUpdateSvc" => service was unlocked. <===== ATTENTION
"ZAPrivacyService" => service was unlocked. <===== ATTENTION
"ZhuDongFangYu" => service was unlocked. <===== ATTENTION
"ZillyaAVAuxSvc" => service was unlocked. <===== ATTENTION
"ZillyaAVCoreSvc" => service was unlocked. <===== ATTENTION
"Znf" => service was unlocked. <===== ATTENTION
"zsc" => service was unlocked. <===== ATTENTION
 
R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [487424 2013-01-25] (Microsoft Corporation)
R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe [1994096 2012-01-23] (Symantec Corporation)
R2 bedbg; C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe [353648 2012-01-12] (Symantec Corporation)
R2 BitplusService; C:\Bitplus\CommMaster\WinService.exe [139264 2012-01-06] (Bitplus Solution Ltd) [File not signed]
S4 CIMnotify; C:\Windows\system32\CIMntfy\cimntfy.exe [269152 2011-03-09] (Hewlett-Packard Company)
R2 Cissesrv; C:\Program Files\HP\Cissesrv\cissesrv.exe [174592 2011-03-08] (Hewlett-Packard Company) [File not signed]
R2 CpqRcmc3; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [274024 2010-11-19] (Hewlett-Packard Company)
R2 cpqvcagent; C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe [1356288 2011-02-18] (Hewlett-Packard Company) [File not signed]
S2 CqMgHost; C:\Windows\system32\CpqMgmt\cqmghost\cqmghost.exe [16224 2011-03-09] (Hewlett-Packard Company)
R2 CqMgServ; C:\Windows\system32\CpqMgmt\cqmgserv\cqmgserv.exe [15976 2011-02-03] (Hewlett-Packard Company)
R2 Dfs; C:\Windows\system32\dfssvc.exe [377344 2010-11-21] (Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [4518400 2010-11-21] (Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [696832 2011-12-26] (Microsoft Corporation)
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 HPWMISTOR; C:\Program Files\HPWBEM\Storage\Service\HPWMISTOR.exe [20992 2011-01-06] (Hewlett-Packard Company) [File not signed]
S2 IsmServ; C:\Windows\System32\ismserv.exe [59392 2010-11-21] (Microsoft Corporation)
R2 kdc; C:\Windows\System32\lsass.exe [31232 2015-05-25] (Microsoft Corporation)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218040 2012-06-12] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation)
S2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538744 2012-06-12] (Microsoft Corporation)
R2 NTDS; C:\Windows\System32\lsass.exe [31232 2015-05-25] (Microsoft Corporation)
S4 NtFrs; C:\Windows\system32\ntfrs.exe [1020416 2010-11-21] (Microsoft Corporation)
S3 PDVFSService; C:\Program Files\Symantec\Backup Exec\RAWS\PDVFSService.exe [301720 2012-03-30] ()
R2 ProLiantMonitor; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [274024 2010-11-19] (Hewlett-Packard Company)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348472 2012-06-12] (Microsoft Corporation)
S3 rqs; C:\Windows\system32\rqs.exe [41472 2010-11-21] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation)
R2 sysdown; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [274024 2010-11-19] (Hewlett-Packard Company)
R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [2065408 2011-01-28] (Hewlett-Packard Company) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 AvgAMPS; "C:\Program Files (x86)\AVG\Av\avgamps.exe" [X]
S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X]
S2 AVP15.0.2; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Small Office Security 15.0.2\avp.exe" -r [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360AvFlt; C:\Windows\System32\Drivers\360AvFlt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360Box; C:\Windows\System32\Drivers\360Box.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360Box64; C:\Windows\System32\Drivers\360Box64.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360Camera; C:\Windows\System32\Drivers\360Camera.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360fsflt; C:\Windows\System32\Drivers\360fsflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360SelfProtection; C:\Windows\System32\Drivers\360SelfProtection.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 ABndis; C:\Windows\System32\Drivers\ABndis.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AFW; C:\Windows\System32\Drivers\AFW.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 afwcore; C:\Windows\System32\Drivers\afwcore.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AhnFlt2K; C:\Windows\System32\Drivers\AhnFlt2K.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AhnRec2K; C:\Windows\System32\Drivers\AhnRec2K.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AhnRghNt; C:\Windows\System32\Drivers\AhnRghNt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AhnSZE; C:\Windows\System32\Drivers\AhnSZE.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 ALE_NF; C:\Windows\System32\Drivers\ALE_NF.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AMonLWLH; C:\Windows\System32\Drivers\AMonLWLH.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AMonTDLH; C:\Windows\System32\Drivers\AMonTDLH.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 APPFLT; C:\Windows\System32\Drivers\APPFLT.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 arcawfp; C:\Windows\System32\Drivers\arcawfp.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 asd2fsm; C:\Windows\System32\Drivers\asd2fsm.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Asdids; C:\Windows\System32\Drivers\Asdids.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswHwid; C:\Windows\System32\Drivers\aswHwid.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswNdisFlt; C:\Windows\System32\Drivers\aswNdisFlt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswSP; C:\Windows\System32\Drivers\aswSP.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswStm; C:\Windows\System32\Drivers\aswStm.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2210816 2009-06-24] (ATI Technologies Inc.)
U5 avasdmft; C:\Windows\System32\Drivers\avasdmft.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 avc3; C:\Windows\System32\Drivers\avc3.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 avckf; C:\Windows\System32\Drivers\avckf.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgboota; C:\Windows\System32\Drivers\Avgboota.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgbootx; C:\Windows\System32\Drivers\Avgbootx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgdiska; C:\Windows\System32\Drivers\Avgdiska.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgdiskx; C:\Windows\System32\Drivers\Avgdiskx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgfwdx; C:\Windows\System32\Drivers\Avgfwdx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AVGIDSHX; C:\Windows\System32\Drivers\AVGIDSHX.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgldx86; C:\Windows\System32\Drivers\Avgldx86.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avglogx; C:\Windows\System32\Drivers\Avglogx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgmfx86; C:\Windows\System32\Drivers\Avgmfx86.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgrkx86; C:\Windows\System32\Drivers\Avgrkx86.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgtdix; C:\Windows\System32\Drivers\Avgtdix.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgwfpa; C:\Windows\System32\Drivers\Avgwfpa.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgwfpx; C:\Windows\System32\Drivers\Avgwfpx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 avipbb; C:\Windows\System32\Drivers\avipbb.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 avnetflt; C:\Windows\System32\Drivers\avnetflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 BAPIDRV; C:\Windows\System32\Drivers\BAPIDRV.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Bcfilter; C:\Windows\System32\Drivers\Bcfilter.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bcfsrm; C:\Windows\System32\Drivers\bcfsrm.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bcftdi; C:\Windows\System32\Drivers\bcftdi.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bc_hash_f; C:\Windows\System32\Drivers\bc_hash_f.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bc_ip_f; C:\Windows\System32\Drivers\bc_ip_f.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bc_ngn; C:\Windows\System32\Drivers\bc_ngn.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bc_pat_f; C:\Windows\System32\Drivers\bc_pat_f.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bc_prt_f; C:\Windows\System32\Drivers\bc_prt_f.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bc_tdi_f; C:\Windows\System32\Drivers\bc_tdi_f.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 BdAgent; C:\Windows\System32\Drivers\BdAgent.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bdelam; C:\Windows\System32\Drivers\bdelam.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Bdfndisf; C:\Windows\System32\Drivers\Bdfndisf.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 BdNet; C:\Windows\System32\Drivers\BdNet.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 BDSandBox; C:\Windows\System32\Drivers\BDSandBox.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bdsflt; C:\Windows\System32\Drivers\bdsflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bdsnm; C:\Windows\System32\Drivers\bdsnm.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 BdSpy; C:\Windows\System32\Drivers\BdSpy.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 BDVEDISK; C:\Windows\System32\Drivers\BDVEDISK.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Bfilter; C:\Windows\System32\Drivers\Bfilter.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Bfmon; C:\Windows\System32\Drivers\Bfmon.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Bhbase; C:\Windows\System32\Drivers\Bhbase.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Bprotect; C:\Windows\System32\Drivers\Bprotect.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 BprotectEx; C:\Windows\System32\Drivers\BprotectEx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 bsfs; C:\Windows\System32\Drivers\bsfs.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 catflt; C:\Windows\System32\Drivers\catflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 CdmDrvNt; C:\Windows\System32\Drivers\CdmDrvNt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 cfwids; C:\Windows\System32\Drivers\cfwids.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 cmderd; C:\Windows\System32\Drivers\cmderd.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-07] (Kaspersky Lab UK Ltd)
U5 ComFiltr; C:\Windows\System32\Drivers\ComFiltr.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
S3 CPQTeam; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2011-01-26] (Hewlett-Packard Company)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [51776 2009-07-14] (Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [66944 2010-11-21] (Microsoft Corporation)
U5 DrWebLwf; C:\Windows\System32\Drivers\DrWebLwf.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 DSAFLT; C:\Windows\System32\Drivers\DSAFLT.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 DwProt; C:\Windows\System32\Drivers\DwProt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 eamon; C:\Windows\System32\Drivers\eamon.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 eamonm; C:\Windows\System32\Drivers\eamonm.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 econceal; C:\Windows\System32\Drivers\econceal.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 EfiMon; C:\Windows\System32\Drivers\EfiMon.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 emlssx; C:\Windows\System32\Drivers\emlssx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 epfw; C:\Windows\System32\Drivers\epfw.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Epfwndis; C:\Windows\System32\Drivers\Epfwndis.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 epfwtdi; C:\Windows\System32\Drivers\epfwtdi.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 FNETMON; C:\Windows\System32\Drivers\FNETMON.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 FPAV_RTP; C:\Windows\System32\Drivers\FPAV_RTP.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 fsbts; C:\Windows\System32\Drivers\fsbts.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 FWCore; C:\Windows\System32\Drivers\FWCore.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 GDBehave; C:\Windows\System32\Drivers\GDBehave.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 GDNdisIc; C:\Windows\System32\Drivers\GDNdisIc.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 gfiark; C:\Windows\System32\Drivers\gfiark.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 gfiutil; C:\Windows\System32\Drivers\gfiutil.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 ggc; C:\Windows\System32\Drivers\ggc.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 gzflt; C:\Windows\System32\Drivers\gzflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 HookCentre; C:\Windows\System32\Drivers\HookCentre.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 HookPort; C:\Windows\System32\Drivers\HookPort.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 hooksys; C:\Windows\System32\Drivers\hooksys.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 HookTdi; C:\Windows\System32\Drivers\HookTdi.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
R0 HpCISSs2; C:\Windows\System32\DRIVERS\HpCISSs2.sys [157288 2010-08-10] (Hewlett-Packard Company)
R3 hpqilo3chif; C:\Windows\System32\DRIVERS\hpqilo3chif.sys [43112 2010-04-28] (Hewlett-Packard Company)
R3 hpqilo3core; C:\Windows\System32\DRIVERS\hpqilo3core.sys [44136 2010-07-29] (Hewlett-Packard Company)
R0 hpqilo3whea; C:\Windows\System32\DRIVERS\hpqilo3whea.sys [18472 2010-02-12] (Hewlett-Packard Company)
U5 IDSFLT; C:\Windows\System32\Drivers\IDSFLT.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 ImmunetProtect; C:\Windows\System32\Drivers\ImmunetProtect.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 inspect; C:\Windows\System32\Drivers\inspect.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
U5 K7FWFilt; C:\Windows\System32\Drivers\K7FWFilt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 K7FWHlpr; C:\Windows\System32\Drivers\K7FWHlpr.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 K7Sentry; C:\Windows\System32\Drivers\K7Sentry.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 K7TdiHlp; C:\Windows\System32\Drivers\K7TdiHlp.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 kl1; C:\Windows\System32\Drivers\kl1.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 kldisk; C:\Windows\System32\Drivers\kldisk.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 klelam; C:\Windows\System32\Drivers\klelam.sys [0 2016-01-21] () <==== ATTENTION (zero byte File/Folder)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 klhk; C:\Windows\System32\Drivers\klhk.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 KLIF; C:\Windows\System32\Drivers\KLIF.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 klpd; C:\Windows\System32\Drivers\klpd.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 kltdi; C:\Windows\System32\Drivers\kltdi.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 klwfp; C:\Windows\System32\Drivers\klwfp.sys [0 2016-01-21] () <==== ATTENTION (zero byte File/Folder)
U5 klwtp; C:\Windows\System32\Drivers\klwtp.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 KmxAgent; C:\Windows\System32\Drivers\KmxAgent.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 KmxAMRT; C:\Windows\System32\Drivers\KmxAMRT.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 KmxCF; C:\Windows\System32\Drivers\KmxCF.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 KmxCfg; C:\Windows\System32\Drivers\KmxCfg.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 KmxFile; C:\Windows\System32\Drivers\KmxFile.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 KmxFilter; C:\Windows\System32\Drivers\KmxFilter.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 KmxFw; C:\Windows\System32\Drivers\KmxFw.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 KmxSbx; C:\Windows\System32\Drivers\KmxSbx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 KmxStart; C:\Windows\System32\Drivers\KmxStart.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 kneps; C:\Windows\System32\Drivers\kneps.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 kvnet; C:\Windows\System32\Drivers\kvnet.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 kwflower; C:\Windows\System32\Drivers\kwflower.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 kwfupper; C:\Windows\System32\Drivers\kwfupper.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
R3 l2nd; C:\Windows\System32\DRIVERS\bxnd60a.sys [103464 2011-02-22] (Broadcom Corporation)
U5 llio; C:\Windows\System32\Drivers\llio.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
U5 MBAMSwissArmy; C:\Windows\System32\Drivers\MBAMSwissArmy.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 McPvDrv; C:\Windows\System32\Drivers\McPvDrv.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 mfebopk; C:\Windows\System32\Drivers\mfebopk.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 mfeelamk; C:\Windows\System32\Drivers\mfeelamk.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 mfencbdc; C:\Windows\System32\Drivers\mfencbdc.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 mfencrk; C:\Windows\System32\Drivers\mfencrk.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
U5 mscank; C:\Windows\System32\Drivers\mscank.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 netcontroller; C:\Windows\System32\Drivers\netcontroller.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 netfilter; C:\Windows\System32\Drivers\netfilter.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NETFLTDI; C:\Windows\System32\Drivers\NETFLTDI.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
U5 nnetsec; C:\Windows\System32\Drivers\nnetsec.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSALPC; C:\Windows\System32\Drivers\NNSALPC.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSHTTP; C:\Windows\System32\Drivers\NNSHTTP.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSHTTPS; C:\Windows\System32\Drivers\NNSHTTPS.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSIDS; C:\Windows\System32\Drivers\NNSIDS.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSNAHS; C:\Windows\System32\Drivers\NNSNAHS.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSNAHSL; C:\Windows\System32\Drivers\NNSNAHSL.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSPICC; C:\Windows\System32\Drivers\NNSPICC.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSPIHS; C:\Windows\System32\Drivers\NNSPIHS.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSPIHSW; C:\Windows\System32\Drivers\NNSPIHSW.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSPOP3; C:\Windows\System32\Drivers\NNSPOP3.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSPROT; C:\Windows\System32\Drivers\NNSPROT.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSPRV; C:\Windows\System32\Drivers\NNSPRV.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSSMTP; C:\Windows\System32\Drivers\NNSSMTP.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSSTRM; C:\Windows\System32\Drivers\NNSSTRM.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 NNSTLSC; C:\Windows\System32\Drivers\NNSTLSC.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 OAmon; C:\Windows\System32\Drivers\OAmon.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 OAnet; C:\Windows\System32\Drivers\OAnet.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 pavboot; C:\Windows\System32\Drivers\pavboot.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 PavProc; C:\Windows\System32\Drivers\PavProc.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
R1 PDVFSDriver; C:\Windows\System32\drivers\pdfsd.sys [79480 2012-03-30] (Symantec Corporation)
U5 PSINAflt; C:\Windows\System32\Drivers\PSINAflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 PSINFile; C:\Windows\System32\Drivers\PSINFile.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 PSINKNC; C:\Windows\System32\Drivers\PSINKNC.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 PSINProc; C:\Windows\System32\Drivers\PSINProc.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 PSINProt; C:\Windows\System32\Drivers\PSINProt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 PSINReg; C:\Windows\System32\Drivers\PSINReg.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 PSKMAD; C:\Windows\System32\Drivers\PSKMAD.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 pwipf6; C:\Windows\System32\Drivers\pwipf6.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 qutmipc; C:\Windows\System32\Drivers\qutmipc.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
U5 SandBox; C:\Windows\System32\Drivers\SandBox.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 sascan; C:\Windows\System32\Drivers\sascan.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 SAVOnAccess; C:\Windows\System32\Drivers\SAVOnAccess.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 SAVOnAccessControl; C:\Windows\System32\Drivers\SAVOnAccessControl.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 SAVOnAccessFilter; C:\Windows\System32\Drivers\SAVOnAccessFilter.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 sbaphd; C:\Windows\System32\Drivers\sbaphd.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 sbapifs; C:\Windows\System32\Drivers\sbapifs.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 SbFw; C:\Windows\System32\Drivers\SbFw.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 sbhips; C:\Windows\System32\Drivers\sbhips.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 sbtis; C:\Windows\System32\Drivers\sbtis.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 sbwtis; C:\Windows\System32\Drivers\sbwtis.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 scfdriver; C:\Windows\System32\Drivers\scfdriver.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 scfndis; C:\Windows\System32\Drivers\scfndis.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 SFWCallout; C:\Windows\System32\Drivers\SFWCallout.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 ShldFlt; C:\Windows\System32\Drivers\ShldFlt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 SKMScan; C:\Windows\System32\Drivers\SKMScan.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 SophosBootDriver; C:\Windows\System32\Drivers\SophosBootDriver.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 SpiderG3; C:\Windows\System32\Drivers\SpiderG3.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 SpyEmrg; C:\Windows\System32\Drivers\SpyEmrg.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 ssmdrv; C:\Windows\System32\Drivers\ssmdrv.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 swi_callout; C:\Windows\System32\Drivers\swi_callout.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 SymEvent; C:\Windows\System32\Drivers\SymEvent.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 tdifw; C:\Windows\System32\Drivers\tdifw.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 tdi_nf; C:\Windows\System32\Drivers\tdi_nf.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 tmeevw; C:\Windows\System32\Drivers\tmeevw.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 tmel; C:\Windows\System32\Drivers\tmel.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 tmnciesc; C:\Windows\System32\Drivers\tmnciesc.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 tmusa; C:\Windows\System32\Drivers\tmusa.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 tpdevflt; C:\Windows\System32\Drivers\tpdevflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 tpsec; C:\Windows\System32\Drivers\tpsec.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36608 2016-01-17] ()
U5 trufos; C:\Windows\System32\Drivers\trufos.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 TS4NT; C:\Windows\System32\Drivers\TS4NT.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 v3engine; C:\Windows\System32\Drivers\v3engine.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 VBEngNT; C:\Windows\System32\Drivers\VBEngNT.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
R3 VirtFile; C:\Windows\System32\DRIVERS\VirtFile.sys [114296 2011-10-25] (Symantec Corporation)
U5 vrptcomn; C:\Windows\System32\Drivers\vrptcomn.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 webssx; C:\Windows\System32\Drivers\webssx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 WNMFLT; C:\Windows\System32\Drivers\WNMFLT.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 wrUrlFlt; C:\Windows\System32\Drivers\wrUrlFlt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 wsnf; C:\Windows\System32\Drivers\wsnf.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 wstif; C:\Windows\System32\Drivers\wstif.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Znf; C:\Windows\System32\Drivers\Znf.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-22 09:04 - 2016-01-22 09:05 - 00076755 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-01-22 09:03 - 2016-01-22 09:03 - 00014815 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2016-01-22 08:54 - 2016-01-22 08:54 - 00000000 ____D C:\Temp Dlls
2016-01-22 08:35 - 2016-01-22 09:00 - 00000000 ____D C:\Users\ta.operator\AppData\Local\Temp\4
2016-01-21 20:29 - 2016-01-22 09:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\1
2016-01-21 20:29 - 2016-01-21 20:29 - 00000000 __SHD C:\Users\Administrator\AppData\Roaming\jMYkWQPE9fo
2016-01-21 20:24 - 2016-01-21 20:24 - 00000000 _RSHD C:\Windows\system32\Drivers\klwfp.sys
2016-01-21 20:24 - 2016-01-21 20:24 - 00000000 _RSHD C:\Windows\system32\Drivers\klim5.sys
2016-01-21 20:24 - 2016-01-21 20:24 - 00000000 _RSHD C:\Windows\system32\Drivers\klelam.sys
2016-01-21 20:16 - 2016-01-21 20:16 - 00327680 _____ C:\Users\Administrator\AppData\Local\Temp\~DFEA78CF8729C5B640.TMP
2016-01-20 09:11 - 2016-01-20 09:11 - 00000498 __RSH C:\Users\wing\ntuser.pol
2016-01-20 09:11 - 2016-01-20 09:11 - 00000000 ____D C:\Users\wing\AppData\Roaming\AVG
2016-01-19 11:30 - 2016-01-19 11:34 - 00360448 _____ C:\Users\Administrator\AppData\Local\Temp\~DFD54A93BB1FA6FC5C.TMP
2016-01-18 12:47 - 2016-01-18 13:04 - 52988120 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.32.exe
2016-01-18 09:29 - 2016-01-18 09:29 - 00000000 ____D C:\Users\ta.operator\AppData\Roaming\AVG
2016-01-17 23:36 - 2016-01-17 23:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis1.exe
2016-01-17 23:25 - 2016-01-17 23:25 - 00003078 __RSH C:\ProgramData\ntuser.pol
2016-01-17 21:42 - 2016-01-17 23:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\666A05D6.sys
2016-01-17 19:27 - 2016-01-17 19:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\63DE1EBE.sys
2016-01-17 18:15 - 2016-01-17 18:15 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\WUDiagTempFolder
2016-01-17 14:49 - 2016-01-17 14:49 - 00000058 _____ C:\Users\Administrator\AppData\Local\Temp\avginfo.id
2016-01-17 14:49 - 2016-01-17 14:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2016-01-17 14:48 - 2016-01-21 18:39 - 00000896 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-01-17 14:48 - 2016-01-21 18:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-17 14:46 - 2016-01-21 20:27 - 00000000 ____D C:\ProgramData\MFAData
2016-01-17 14:38 - 2016-01-17 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\7zS82CA8405
2016-01-17 08:02 - 2016-01-17 08:02 - 00000000 ____D C:\Users\Administrator\Desktop\processmonitor
2016-01-17 08:00 - 2016-01-17 07:54 - 00967601 _____ C:\Users\Administrator\Desktop\processmonitor.zip
2016-01-17 00:57 - 2016-01-17 00:57 - 00000000 ____D C:\Windows\pss
2016-01-16 14:17 - 2016-01-17 01:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\024962E9.sys
2016-01-16 00:41 - 2016-01-16 12:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\RarSFX0
2016-01-16 00:24 - 2016-01-16 00:24 - 00789688 _____ C:\Users\Administrator\Desktop\scan.html
2016-01-16 00:09 - 2016-01-17 07:49 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-16 00:09 - 2016-01-16 00:24 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-16 00:09 - 2016-01-16 00:09 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-01-16 00:09 - 2016-01-16 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-01-16 00:09 - 2016-01-16 00:09 - 00000000 ____D C:\Program Files\RogueKiller
2016-01-16 00:09 - 2015-05-25 21:21 - 01728960 _____ (Microsoft Corporation) C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
2016-01-16 00:02 - 2016-01-16 00:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-16 00:02 - 2016-01-16 00:02 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-15 23:38 - 2016-01-15 23:38 - 00000987 _____ C:\Users\Administrator\Desktop\Install Kaspersky Small Office Security version 15.0.2.361.lnk
2016-01-15 23:37 - 2016-01-15 23:38 - 00037054 _____ C:\Users\Administrator\AppData\Local\Temp\kl-setup-2016-01-15-23-37-55.log.enc1
2016-01-15 23:37 - 2016-01-15 23:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-01-15 23:33 - 2016-01-22 08:50 - 00006422 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-01-15 23:33 - 2016-01-22 08:48 - 00000000 ____D C:\Users\Administrator\Desktop\rkill
2016-01-15 23:08 - 2016-01-15 23:10 - 00000000 ____D C:\Users\Administrator\Desktop\archive
2016-01-15 13:28 - 2016-01-17 18:15 - 00000034 _____ C:\Users\Administrator\AppData\Local\Temp\WindowsUpdateTroubleShooter_resolverRan
2016-01-15 13:28 - 2016-01-17 18:14 - 00000070 _____ C:\Users\Administrator\AppData\Local\Temp\WindowsUpdateTroubleShooterRC_VF.xml.txt
2016-01-15 13:28 - 2016-01-17 18:14 - 00000006 _____ C:\Users\Administrator\AppData\Local\Temp\WindowsUpdateTroubleShooterRC_Param.xml.txt
2016-01-15 13:27 - 2016-01-17 18:15 - 00001412 _____ C:\Users\Administrator\AppData\Local\Temp\wurunSeq.txt
2016-01-15 13:27 - 2016-01-17 18:15 - 00000266 _____ C:\Users\Administrator\AppData\Local\Temp\wuZipFilePaths
2016-01-15 13:27 - 2016-01-17 18:15 - 00000138 _____ C:\Users\Administrator\AppData\Local\Temp\sfcOput.txt
2016-01-15 13:27 - 2016-01-15 13:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\ResetBitsTempFolder
2016-01-15 13:26 - 2016-01-17 18:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\msdtadmin
2016-01-15 13:25 - 2016-01-15 13:25 - 00302011 _____ C:\Users\Administrator\Desktop\WindowsUpdateDiagnostic.diagcab
2016-01-14 15:45 - 2016-01-14 15:45 - 00000000 ____D C:\KVRT_Data
2016-01-14 14:55 - 2016-01-14 14:55 - 00000000 _____ C:\Users\Administrator\AppData\Local\Temp\qtsingleapp-launch-c522-1-lockfile
2016-01-14 14:54 - 2016-01-16 22:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\TeamViewer
2016-01-14 02:19 - 2016-01-14 02:19 - 00000000 _____ C:\Users\Administrator\AppData\Local\Temp\qtsingleapp-cloudd-c51-1-lockfile
2016-01-13 12:38 - 2016-01-13 12:38 - 00002120 _____ C:\Users\Public\Desktop\Kaspersky Small Office Security.lnk
2016-01-13 12:38 - 2016-01-13 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Small Office Security
2016-01-13 12:38 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-01-13 11:56 - 2016-01-13 11:56 - 00000000 _____ C:\Users\Administrator\AppData\Local\Temp\tmp4B4C.tmp
2016-01-13 11:29 - 2016-01-13 11:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\{36065382-AE77-4A3D-917F-2291080A68A8}
2016-01-13 11:11 - 2016-01-13 11:13 - 01603184 _____ (Kaspersky Lab) C:\Users\Administrator\Downloads\ksos15.0.2.361en_8257.exe
2016-01-13 09:39 - 2016-01-13 09:39 - 00002796 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-13 09:39 - 2016-01-13 09:39 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-13 09:39 - 2016-01-13 09:39 - 00000000 ____D C:\Program Files\CCleaner
2016-01-13 09:21 - 2016-01-13 09:36 - 06805440 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup513.exe
2016-01-13 09:04 - 2016-01-18 09:29 - 00000498 __RSH C:\Users\ta.operator\ntuser.pol
2016-01-13 09:04 - 2016-01-18 09:29 - 00000000 ____D C:\Users\ta.operator
2016-01-13 09:04 - 2016-01-13 09:04 - 00001373 _____ C:\Users\ta.operator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-13 09:04 - 2016-01-13 09:04 - 00000020 ___SH C:\Users\ta.operator\ntuser.ini
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\My Documents
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\Documents\My Videos
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\Documents\My Pictures
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\Documents\My Music
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 ____D C:\Users\ta.operator\AppData\Roaming\Adobe
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 ____D C:\Users\ta.operator\AppData\Local\Temp\TeamViewer
2016-01-13 09:04 - 2015-08-26 14:43 - 00001140 _____ C:\Users\ta.operator\Desktop\TA Master.exe - Shortcut.lnk
2016-01-13 09:04 - 2013-12-05 17:03 - 00002709 _____ C:\Users\ta.operator\Desktop\CommMaster.exe.lnk
2016-01-13 09:04 - 2013-12-05 16:44 - 00001126 _____ C:\Users\ta.operator\Desktop\PayMaster TZ - Shortcut.lnk
2016-01-13 01:03 - 2016-01-22 09:04 - 00000000 ____D C:\FRST
2016-01-13 00:46 - 2016-01-12 23:23 - 02370560 _____ (Farbar) C:\Users\Administrator\Desktop\FRST649.exe
2016-01-13 00:27 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\is-QTA0N.tmp
2016-01-12 23:58 - 2016-01-12 23:59 - 05200384 _____ (AVAST Software) C:\Users\Administrator\Downloads\aswmbr.exe
2016-01-12 23:49 - 2016-01-12 23:58 - 00975760 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.49.31_log.txt
2016-01-12 23:44 - 2016-01-12 23:47 - 00029726 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.44.53_log.txt
2016-01-12 23:19 - 2016-01-12 23:39 - 03052590 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.19.57_log.txt
2016-01-12 23:12 - 2016-01-12 23:15 - 00004758 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.12.03_log.txt
2016-01-12 23:05 - 2016-01-12 23:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-01-12 23:00 - 2016-01-12 23:06 - 00785246 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.00.00_log.txt
2016-01-12 22:28 - 2016-01-12 22:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\28492206.sys
2016-01-12 22:24 - 2016-01-12 22:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\311B1F75.sys
2016-01-12 22:24 - 2016-01-12 22:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\0B351F5F.sys
2016-01-12 21:34 - 2016-01-12 21:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\73D678A1.sys
2016-01-12 21:34 - 2016-01-12 21:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\6FC178B5.sys
2016-01-12 21:34 - 2016-01-12 21:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\49DA789E.sys
2016-01-12 21:23 - 2016-01-12 21:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\28D97070.sys
2016-01-12 10:25 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-01-12 10:19 - 2016-01-12 10:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\QuickScan
2016-01-12 10:18 - 2016-01-12 10:19 - 10447328 _____ C:\Users\Administrator\Downloads\Antivirus_Free_Edition_x64.exe
2016-01-12 09:55 - 2016-01-12 09:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2016-01-12 09:52 - 2016-01-12 09:53 - 00162208 _____ C:\Users\Administrator\Downloads\Antivirus_Free_Edition.exe
2016-01-12 09:26 - 2016-01-13 00:28 - 00000701 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-12 09:26 - 2016-01-13 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-12 09:26 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-12 09:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-12 09:18 - 2016-01-13 00:28 - 00000000 ____D C:\Malwarebytes Anti-Malware
2016-01-12 09:18 - 2016-01-12 09:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-12 08:43 - 2016-01-12 22:36 - 00000000 ____D C:\AdwCleaner
2016-01-12 08:30 - 2016-01-11 14:20 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2016-01-08 14:40 - 2016-01-08 14:40 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-01-08 13:15 - 2016-01-08 13:56 - 22908888 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-08 13:05 - 2016-01-08 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-08 12:03 - 2015-11-22 07:52 - 00001281 _____ C:\Users\Administrator\Desktop\Report Center.exe.lnk
2016-01-08 12:03 - 2015-11-22 07:52 - 00001249 _____ C:\Users\Administrator\Desktop\E-Inspector.exe.lnk
2016-01-08 12:03 - 2015-11-22 07:51 - 00001301 _____ C:\Users\Administrator\Desktop\Control Center.exe.lnk
2016-01-08 12:03 - 2015-10-07 19:56 - 00000997 _____ C:\Users\Administrator\Desktop\Start.lnk
2016-01-08 12:03 - 2015-08-26 14:43 - 00001140 _____ C:\Users\Administrator\Desktop\TA Master.exe - Shortcut.lnk
2016-01-08 12:03 - 2015-07-25 07:34 - 00001216 _____ C:\Users\Administrator\Desktop\LicencingServiceHandle.exe - Shortcut.lnk
2016-01-08 12:03 - 2014-03-26 17:26 - 00001455 _____ C:\Users\Administrator\Desktop\Google Drive.lnk
2016-01-08 12:03 - 2013-12-05 17:03 - 00002709 _____ C:\Users\Administrator\Desktop\CommMaster.exe.lnk
2016-01-08 12:03 - 2013-12-05 16:44 - 00001126 _____ C:\Users\Administrator\Desktop\PayMaster TZ - Shortcut.lnk
2016-01-08 11:18 - 2016-01-17 23:25 - 00000498 __RSH C:\Users\Administrator\ntuser.pol
2016-01-08 10:26 - 2016-01-08 10:43 - 02113152 _____ C:\Users\Administrator\Downloads\PANDAFREEAV.exe
2016-01-05 07:00 - 2016-01-05 07:00 - 00000005 _____ C:\Windows\SysWOW64\uin_v5.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-22 08:44 - 2012-09-21 12:15 - 00006944 _____ C:\Windows\system32\config\netlogon.dnb
2016-01-22 08:44 - 2012-09-21 12:15 - 00002215 _____ C:\Windows\system32\config\netlogon.dns
2016-01-22 08:43 - 2013-09-17 11:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-22 08:42 - 2009-07-14 07:49 - 00021536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-22 08:42 - 2009-07-14 07:49 - 00021536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-22 08:39 - 2013-12-05 17:01 - 00000196 _____ C:\Windows\ODBC.INI
2016-01-22 08:09 - 2013-12-05 17:05 - 00002178 _____ C:\Windows\system32\ocxTaps.ocx
2016-01-21 20:35 - 2009-07-14 08:10 - 01167700 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-21 20:35 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-01-21 20:29 - 2009-07-14 06:20 - 00000000 ____D C:\Windows
2016-01-21 20:27 - 2012-09-26 12:26 - 00000000 ____D C:\Program Files\Symantec
2016-01-21 20:27 - 2012-09-26 12:25 - 00000000 ____D C:\ProgramData\Symantec
2016-01-21 20:27 - 2012-09-21 12:10 - 00000000 ____D C:\Windows\NTDS
2016-01-21 20:27 - 2012-09-21 12:09 - 00000000 ____D C:\Windows\system32\dns
2016-01-21 20:27 - 2009-07-14 08:06 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-21 17:24 - 2013-12-05 16:55 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio Express
2016-01-20 09:16 - 2015-11-24 13:07 - 00000035 _____ C:\Users\wing\Documents\LoginUser.ini
2016-01-20 09:11 - 2014-03-21 12:49 - 00000000 ____D C:\Users\wing
2016-01-18 21:38 - 2012-09-20 10:56 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-18 11:06 - 2012-10-22 19:49 - 00002286 ____H C:\Users\Administrator\Documents\Default.rdp
2016-01-17 23:25 - 2012-01-05 08:51 - 00000000 ___RD C:\Users\Administrator
2016-01-17 23:18 - 2009-07-14 06:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-17 18:28 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system
2016-01-17 07:53 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\tracing
2016-01-16 00:01 - 2009-07-14 07:49 - 00000000 ____D C:\Windows\ServiceProfiles
2016-01-14 14:51 - 2012-09-21 12:03 - 00000000 ____D C:\Windows\ADWS
2016-01-13 12:38 - 2014-10-01 16:12 - 00000000 ____D C:\Users\Lori
2016-01-13 11:59 - 2012-09-20 12:43 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2016-01-13 09:46 - 2012-12-06 19:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer
2016-01-13 09:46 - 2012-01-06 00:39 - 00000000 ____D C:\Windows\Panther
2016-01-13 02:14 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Cursors
2016-01-12 23:42 - 2012-01-05 08:55 - 00000000 ____D C:\Windows\system32\CPQNiMgt
2016-01-08 13:14 - 2012-10-23 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-05 09:38 - 2012-09-20 10:45 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-05 07:10 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\security
2015-12-30 10:02 - 2015-09-18 05:48 - 00000049 _____ C:\Users\Administrator\Documents\LoginUser.ini
 
==================== Files in the root of some directories =======
 
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\.clamwin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\360
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\360SD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Acceleration Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Agnitum
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\AhnLab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Alwil Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Arcabit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Avanquest
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\AVAST Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Avetix
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\AVG
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\AVG Nation toolbar
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Avira
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Baidu Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\BitGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\BullGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\BullGuard Ltd
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\CA
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Cezurity
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\CheckPoint
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\ClamWin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\COMODO
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Comodo Downloader
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Crystal Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Doctor Web
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\DrWeb
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\DrWeb Enterprise Suite
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Emsisoft Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\eScan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\ESET
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\F-Secure
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Filseclab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Fortego Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\FRISK Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\G Data
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\G DATA Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\GFI
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\HAURI
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\IKARUS
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Immunet
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\IObit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Jetico
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\K7 Computing
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Kaspersky Lab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Kerio
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Lavasoft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Malware Defender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Malwarebytes
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Malwarebytes Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Malwarebytes' Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\McAfee
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\McAfee Security Scan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\McAfee.com
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\McAfeeMOBK
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Microsoft Security Client
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\MicroWorld
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\mks_vir_9
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Moon Secure Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\NANO Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\nanoav
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\nanolsp
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norman
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norton 360
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norton Anti-Theft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norton AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norton Internet Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norton Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\NortonInstaller
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Online Armor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\OnlineArmor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Padvish Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Panda Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Panda Security URL Filtering
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\pandasecuritytb
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\PC Tools Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Preventon Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Privacyware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Proland
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Proland Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\PSafe
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Quick Heal
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Rising
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Roboscan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\SecureAge
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Sophos
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Spybot - Search & Destroy
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Spybot - Search & Destroy 2
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\SpyShelter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\SpyShelter Premium
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\StopSign
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\STOPzilla Optimizer
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\STOPzilla!
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\SUPERAntiSpyware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Symantec AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Tiranium AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Tizer Secure
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Total Defense
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TotalDefense
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Trend Micro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Trend Micro Installer
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Trojan Remover
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.1
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.2
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.3
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.4
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.5
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.6
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.7
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.8
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.9
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrustPort
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\UnThreat
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\UnThreat AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Vba32
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\VIPRE
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Webroot
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Winalysis
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Windows Defender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\WinPcap
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\WinRoute Pro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\WRData
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\xCore Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Zillya Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Zillya Internet Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\.clamwin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\360
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\360SD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Acceleration Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Agnitum
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\AhnLab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Alwil Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Arcabit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Avanquest
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\AVAST Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Avetix
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\AVG
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\AVG Nation toolbar
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Avira
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Baidu Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\BitGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\BullGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\BullGuard Ltd
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\CA
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Cezurity
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\CheckPoint
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\ClamWin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\COMODO
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Comodo Downloader
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Crystal Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Doctor Web
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\DrWeb
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\DrWeb Enterprise Suite
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Emsisoft Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\eScan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\ESET
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\F-Secure
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Filseclab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Fortego Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\FRISK Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\G Data
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\G DATA Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\GFI
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\HAURI
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\IKARUS
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Immunet
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\IObit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Jetico
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\K7 Computing
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Kaspersky Lab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Kerio
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Lavasoft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Malware Defender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Malwarebytes
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Malwarebytes Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\McAfee
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\McAfee Security Scan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\McAfee.com
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\McAfeeMOBK
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Microsoft Security Client
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\MicroWorld
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\mks_vir_9
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Moon Secure Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\NANO Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\nanoav
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\nanolsp
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norman
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norton 360
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norton Anti-Theft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norton AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norton Internet Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norton Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\NortonInstaller
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Online Armor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\OnlineArmor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Padvish Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Panda Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Panda Security URL Filtering
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\pandasecuritytb
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\PC Tools Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Preventon Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Privacyware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Proland
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Proland Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\PSafe
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Quick Heal
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Rising
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Roboscan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\SecureAge
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Sophos
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Spybot - Search & Destroy
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Spybot - Search & Destroy 2
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\SpyShelter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\SpyShelter Premium
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\StopSign
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\STOPzilla Optimizer
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\STOPzilla!
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\SUPERAntiSpyware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Symantec AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Tiranium AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Tizer Secure
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Total Defense
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TotalDefense
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Trend Micro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Trend Micro Installer
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Trojan Remover
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.1
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.2
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.3
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.4
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.5
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.6
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.7
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.8
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.9
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrustPort
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\UnThreat
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\UnThreat AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Vba32
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\VIPRE
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Webroot
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Winalysis
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Windows Defender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\WinPcap
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\WinRoute Pro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\WRData
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\xCore Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Zillya Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Zillya Internet Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\AVG Secure Search
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\Baidu
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\BullGuard Ltd
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\COMODO
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\Doctor Web
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\G Data
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\InfoWatch
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\McAfee
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\MicroWorld
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\Panda Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\Symantec Shared
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\TrustPort
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\AVG Secure Search
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Baidu
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\BullGuard Ltd
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\COMODO
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Doctor Web
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\G Data
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\InfoWatch
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\McAfee
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\MicroWorld
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Panda Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Symantec Shared
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\TrustPort
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\.clamwin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\360safe
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\360SD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\360WD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Avanquest
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\AVAST Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Avg2014
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Avira
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Baidu Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\BullGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Comodo
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Crystal Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\ESET
 
Some zero byte size files/folders:
==========================
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-21 22:10
 
==================== End of FRST.txt ============================


#5 virtuoso

Posted 22 January 2016 - 11:50 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by administrator (2016-01-22 09:06:00)
Running from C:\Users\Administrator\Desktop
Windows Server 2008 R2 Standard Service Pack 1 (X64) (2012-01-05 05:49:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2111210579-2508024259-4227724949-500 - Administrator - Enabled)
Guest (S-1-5-21-2111210579-2508024259-4227724949-501 - Limited - Disabled)
krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
mes (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ramadhani (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
kevin (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
grace (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
benard (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
joyce (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
yudra (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
rfid (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
wing (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
pattern (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
polly (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ntsec_admin (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
updater (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
ta.operator (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-HV1$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-WITNESS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-WIT$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-HV2$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC03$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC04$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC05$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC06$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC10$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
AX-OPERATION1$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.24.50.5-090623a-083726C-HP - )
AVG (Version: 16.31.7357 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies)
Basic Dll (HKLM-x32\...\{A161569E-5716-4723-810A-543D11085A84}) (Version: 1.00.0000 - Your Company Name)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
CommMaster (HKLM-x32\...\{F1F1E134-D752-4F64-B911-54FD24470AB7}) (Version: 1.00.0000 - Bitplus Solutions Pvt Ltd.)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
GDR 2218 for SQL Server 2012 (KB2716442) (64-bit) (HKLM\...\KB2716442) (Version: 11.0.2218.0 - Microsoft Corporation)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Headless Server Registry Update (HKLM-x32\...\{4E5563B6-DE0A-4F3B-A5D6-15789FD12D9B}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP Array Configuration Utility (HKLM-x32\...\{B3483815-1FDD-4858-9AC6-561668DF4CB7}) (Version: 8.70.9.0 - Hewlett Packard Development Company, L.P.)
HP Array Configuration Utility CLI (HKLM-x32\...\{FA2F10E2-5C8D-45CE-9BA6-7F36358AA59A}) (Version: 8.70.8.0 - Hewlett-Packard Development Company, L.P.)
HP Insight Diagnostics  Online Edition for Windows (HKLM\...\{DCEA910B-3269-4F5B-A915-D59293004751}) (Version: 8.7.0 - Hewlett-Packard Development Company, L.P.)
HP Insight Management Agents (HKLM\...\{F0441130-12F7-4863-8082-F288C2C8DA0D}) (Version: 8.70.0.0 - Hewlett-Packard Company)
HP Insight Management WBEM Providers for Windows Server 2003/2008 x64 Editions (HKLM\...\HP-{0D1A88D4-29D7-4ED4-8045-932D7205F589}) (Version: 2.8.0.0 - Hewlett-Packard Company)
HP Lights-Out Online Configuration Utility (HKLM\...\{738E8C94-69B6-4B2A-8C49-B9953FC9BDF1}) (Version: 3.1.1.0 - Hewlett-Packard Development Company, L.P.)
HP ProLiant iLO 3 Management Controller Package (HKLM\...\HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.3.0.0 - Hewlett-Packard Company)
HP ProLiant Integrated Management Log Viewer (HKLM\...\{FD0113AF-30E4-4618-BB9F-D6693A6ADCE2}) (Version: 5.25.0.0 - Hewlett-Packard Company)
HP ProLiant PCI-express Power Management Update for Windows (HKLM-x32\...\{34D6E797-AA32-455D-8E65-4EBD1AC9DED7}) (Version: 1.3.0.0 - Hewlett-Packard Company)
HP Smart Array SAS/SATA Event Notification Service (HKLM\...\{E126B2CA-8E29-4A1B-97A3-DD9D336611C9}) (Version: 6.24.0.64 - Hewlett-Packard Development Company, L.P.)
HP System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 6.3.0 - Hewlett-Packard Development Company, L.P.)
HP Version Control Agent (HKLM-x32\...\{5A5F45AE-0250-4C34-9D89-F10BDDEE665F}) (Version: 6.3.0.870 - Hewlett Packard Development Company, L.P.)
Kaspersky Small Office Security (HKLM-x32\...\InstallWIX_{33F9240D-1887-4FF9-8A6E-35F32A05A277}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Small Office Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{587F8B5C-D30D-4EEC-849B-FC410EA38AAF}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{966FBF69-F373-4E40-AA4A-3428BCEFC0D2}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{03A2AE02-CBC9-4746-A376-0F7BF6AF5F39}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{B6C87B73-79A5-401A-A12A-4DD96EC40442}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NetDvrPlugin 1.0 (HKLM-x32\...\NetDvrPlugin) (Version: 1.0 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PayMaster (HKLM-x32\...\{C2FBCACC-1378-44ED-960E-FBC38107025D}) (Version: 11.0.100 - Endeavour Africa Limited)
PFA Server Registry Update (HKLM-x32\...\{173438F5-BD4D-47AE-9C8F-73E6BAA62624}) (Version: 1.0.0.0 - Hewlett-Packard Company)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SQL Server 2012 Analysis Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Distributed Replay (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 RS_SharePoint_SharedService (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Symantec Backup Exec Remote Agent for Windows (HKLM\...\Remote Agent for Windows Servers) (Version: 14.0.1798 - Symantec Corporation)
Symantec Backup Exec Remote Agent for Windows (Version: 14.0.1798 - Symantec Corporation) Hidden
TA Master (HKLM-x32\...\{21DE695A-C5DE-4642-A001-843C70E23C4A}) (Version: 11.0.100 - Endeavourafrica)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\ContextMenu.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.d (the data entry has 13 more characters).
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07EC4DB6-C462-480B-82A7-324943AAAB60} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {56184CA7-B372-451C-941E-9AB8BECE0830} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {56CBC736-1731-4CB0-9906-B9A75AC60BC8} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {639C8FF9-34CB-4713-A67D-7F5A272F2B90} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-21] (Microsoft Corporation)
Task: {9C530414-EC31-4F0E-98CB-038E0137613B} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {9DA6354B-4BB1-4883-AA17-3F01F58FFEAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {A25A0A3C-C5BA-4422-8F26-734843C3932A} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {AB4B612D-2B13-4352-B897-86EC7BB5B253} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-21] (Microsoft Corporation)
Task: {C4F6244D-511E-43F1-A48F-EFDE1F99085D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-21] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Administrator\Desktop\Start.lnk -> D:\RFID\5.Start\Start.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-03-30 09:31 - 2012-03-30 09:31 - 00087704 _____ () C:\Windows\System32\PDVFSNP.dll
2009-11-06 09:33 - 2009-11-06 09:33 - 00027136 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_10.dll
2011-01-06 16:22 - 2011-01-06 16:22 - 00032768 _____ () C:\Program Files\HPWBEM\Storage\Service\CQMGSTOR.dll
2011-01-06 16:22 - 2011-01-06 16:22 - 00029696 _____ () C:\Program Files\HPWBEM\Storage\Service\cqstrutl.dll
2011-01-06 16:22 - 2011-01-06 16:22 - 00057344 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQMSCSI.DLL
2011-01-06 16:22 - 2011-01-06 16:22 - 00041472 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQMDISK.dll
2011-01-06 16:22 - 2011-01-06 16:22 - 00048640 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQSAS.DLL
2012-01-05 08:55 - 2011-01-12 09:42 - 01550336 _____ () C:\hp\hpsmh\bin\libxml2.dll
2012-01-05 08:55 - 2011-01-12 09:37 - 00072704 _____ () C:\hp\hpsmh\bin\zlib1.dll
2012-01-05 08:55 - 2011-01-12 09:42 - 01550336 _____ () C:\hp\hpsmh\modules\libxml2.dll
2011-01-06 16:22 - 2011-01-06 16:22 - 00931840 _____ () C:\Program Files\HPWBEM\Storage\dll\infomgr.dll
2013-12-07 10:45 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-02-27 16:56 - 2014-02-27 18:49 - 00397824 _____ () C:\Bitplus\CommMaster\DownloadData.exe
2016-01-21 20:29 - 2016-01-21 20:29 - 00098816 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32api.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00110080 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\pywintypes27.dll
2016-01-21 20:29 - 2016-01-21 20:29 - 00364544 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\pythoncom27.dll
2016-01-21 20:29 - 2016-01-21 20:29 - 00045568 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\_socket.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 01161216 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\_ssl.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00320512 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32com.shell.shell.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00713216 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\_hashlib.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 01175040 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\wx._core_.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00805888 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\wx._gdi_.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00811008 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\wx._windows_.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 01062400 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\wx._controls_.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00735232 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\wx._misc_.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00682496 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\pysqlite2._sqlite.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00087552 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\_ctypes.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00119808 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32file.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00108544 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32security.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00007168 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\hashobjs_ext.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00026624 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\usb_ext.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00167936 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32gui.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00018432 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32event.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00128512 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\_elementtree.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00127488 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\pyexpat.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00013824 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\common.time34.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00036864 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\_psutil_windows.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00038912 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32inet.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00011264 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32crypt.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00070656 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\wx._html2.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00027136 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\_multiprocessing.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00020480 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\_yappi.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00035840 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32process.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00686080 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\unicodedata.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00122368 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\wx._wizard.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00024064 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32pipe.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00010240 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\select.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00025600 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32pdh.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00525640 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\windows._lib_cacheinvalidation.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00017408 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32profile.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00022528 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\win32ts.pyd
2016-01-21 20:29 - 2016-01-21 20:29 - 00078336 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI63682\wx._animate.pyd
2014-02-14 10:10 - 2013-11-25 13:29 - 00043520 _____ () C:\Bitplus\CommMaster\BitLicenseConfiguration.dll
2010-04-15 18:35 - 2010-04-15 18:35 - 00053248 _____ () C:\Bitplus\CommMaster\AxInterop.zkemkeeper.dll
2009-09-15 14:16 - 2011-11-29 15:37 - 00209408 _____ () C:\Windows\SysWOW64\zkemsdk.dll
2007-11-01 12:39 - 2011-11-29 15:37 - 00064512 _____ () C:\Windows\SysWOW64\commpro.dll
2010-12-13 08:41 - 2010-12-13 08:41 - 00258048 _____ () C:\Bitplus\CommMaster\BS_SDK.dll
2009-07-14 00:03 - 2009-07-14 04:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2004-09-19 23:31 - 2004-09-19 23:31 - 00098304 _____ () C:\Windows\SysWOW64\ArButtonXP.ocx
2006-11-25 20:48 - 2006-11-25 20:48 - 00017920 _____ () C:\Windows\SysWOW64\IMPLODE.DLL
2005-08-28 22:16 - 2005-08-28 22:16 - 00040960 _____ () C:\Windows\crystal\u2lbar.dll
2005-08-28 22:16 - 2005-08-28 22:16 - 00038400 _____ () C:\Windows\crystal\u2ldts.dll
2005-08-28 22:16 - 2005-08-28 22:16 - 00036864 _____ () C:\Windows\crystal\u2lexch.dll
2005-08-28 22:16 - 2005-08-28 22:16 - 00012288 _____ () C:\Windows\crystal\u2lfinra.dll
2005-08-28 22:16 - 2005-08-28 22:16 - 00027136 _____ () C:\Windows\crystal\u2lsamp1.dll
2005-08-28 22:16 - 2005-08-28 22:16 - 00044544 _____ () C:\Windows\crystal\u25dts.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\Temp:1
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45926310.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87663587.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45926310.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87663587.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
 
There are 7866 more sites.
 
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051\...\123simsen.com -> www.123simsen.com
 
There are 7866 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:31 - 2009-07-14 02:31 - 00006772 ___SH C:\Windows\system32\Drivers\etc\hosts
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2966851551-1307263621-31438361-1157\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2966851551-1307263621-31438361-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 196.46.104.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [{395C6DD3-D0DF-40DA-8FCF-40F1915382A7}] => (Allow) C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
FirewallRules: [Remrras-In-RPC] => (Allow) %systemroot%\system32\remrras.exe
FirewallRules: [RQS-In-TCP] => (Allow) %systemroot%\system32\rqs.exe
FirewallRules: [{004E0287-82A2-418D-8AD6-0D5E96BEBDCC}] => (Allow) %ProgramFiles% (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe
FirewallRules: [{947463A8-6032-4CD4-9444-037161750CA1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7FE5E028-F1D6-4E75-843E-0C1E33901E18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{11E8E939-60E2-4E9E-A148-604E528BA931}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EF0B5E35-5C0E-4C80-9F72-E4E2E5797E4B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9BB44BD9-DE25-4B63-9384-AF647C45DC0D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FC6BB805-0AAD-4F2E-80ED-753226557DF4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/22/2016 08:34:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: MEA)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
 
Error: (01/22/2016 08:34:08 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: MEA)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
 
Error: (01/22/2016 07:22:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DownloadData.exe, version: 1.27.0.0, time stamp: 0x530f3b4f
Faulting module name: mscorwks.dll, version: 2.0.50727.5485, time stamp: 0x53a121fa
Exception code: 0xc0000005
Fault offset: 0x001fe8ae
Faulting process id: 0x%9
Faulting application start time: 0xDownloadData.exe0
Faulting application path: DownloadData.exe1
Faulting module path: DownloadData.exe2
Report Id: DownloadData.exe3
 
Error: (01/22/2016 07:22:42 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (69D3FB1E) (80131506)
 
Error: (01/22/2016 01:34:48 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418225
 
Error: (01/21/2016 08:31:55 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   Initializing Writer
 
Context:
   Writer Class Id: {35e81631-13e1-48db-97fc-d5bc721bb18a}
   Writer Name: NPS VSS Writer
   Writer Instance ID: {e535bf79-2ce8-4595-8314-4ad2bdbf8b3b}
 
Error: (01/21/2016 08:29:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/21/2016 08:29:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2966851551-1307263621-31438361-1122.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {6ffa15d0-1fa4-474e-9a6a-caa20718f230}
 
Error: (01/21/2016 08:29:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/WMIselect * from HP_McSystemEvent0x80041010
 
Error: (01/21/2016 08:28:14 PM) (Source: SQLSERVERAGENT) (EventID: 324) (User: )
Description: OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).
 
 
System errors:
=============
Error: (01/22/2016 08:35:58 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/22/2016 08:35:55 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HTMLDriver required for printer Click to Convert II is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/22/2016 08:09:10 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Nitro PDF Driver 2 required for printer Nitro PDF Creator 2 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/21/2016 11:53:08 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Nitro PDF Driver 2 required for printer Nitro PDF Creator 2 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/21/2016 09:51:44 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Nitro PDF Driver 2 required for printer Nitro PDF Creator 2 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/21/2016 09:50:18 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/21/2016 09:50:15 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HTMLDriver required for printer Click to Convert II is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/21/2016 09:37:06 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Nitro PDF Driver 2 required for printer Nitro PDF Creator 2 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/21/2016 09:26:36 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.
 
Error: (01/21/2016 09:26:32 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HTMLDriver required for printer Click to Convert II is unknown. Contact the administrator to install the driver before you log in again.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E5645 @ 2.40GHz
Percentage of memory in use: 20%
Total physical RAM: 30709.8 MB
Available physical RAM: 24400.78 MB
Total Virtual: 61417.81 MB
Available Virtual: 54583.5 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:136.69 GB) (Free:47.58 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:838.09 GB) (Free:655.83 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 136.7 GB) (Disk ID: 2AD03F45)
Partition 1: (Active) - (Size=136.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 838.1 GB) (Disk ID: EB3CB301)
Partition 1: (Not Active) - (Size=838.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Update on computer behavior:
 
The malware has become more 'aggressive'. It has disabled my antivirus.
 
P.S.: Sorry for the multipost. I get an error when posting in a single reply.


#6 Oh My!

  • Malware Response Instructor

Posted 23 January 2016 - 03:30 PM

Hi Kevin,

I always try to be overly cautious when dealing with servers because I am unfamiliar with the Operating Systems and the obvious widespread ramifications if something goes wrong. For those reasons I am going to ask for your assistance.

In addition to malware still being present on your system, there are some oddities in the logs and I would like some feedback from you before doing anything. Though I would request you review both the FRST and Addition logs in their entirety and report things that look suspicious to you, I would like you to help me make some sense of two lists.

These had registry permissions issues:
 

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"360AntiHacker" => service was unlocked. <===== ATTENTION
"360AvFlt" => service was unlocked. <===== ATTENTION
"360Box" => service was unlocked. <===== ATTENTION
"360Box64" => service was unlocked. <===== ATTENTION
"360Camera" => service was unlocked. <===== ATTENTION
etc.


-----

These are zero byte folders/files:
 

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360AvFlt; C:\Windows\System32\Drivers\360AvFlt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360Box; C:\Windows\System32\Drivers\360Box.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360Box64; C:\Windows\System32\Drivers\360Box64.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360Camera; C:\Windows\System32\Drivers\360Camera.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360fsflt; C:\Windows\System32\Drivers\360fsflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
etc.


-----

I guess what I am asking is for your insight before we continue to manipulate your computer. I don't want to inadvertently do more harm than good.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 virtuoso

  • Topic Starter

Posted 25 January 2016 - 12:12 AM

Hi Gary,

 

Those are files created by the virus. It has created those files with no permissions so that they cannot be deleted.

Those files prevent the installation of common antivirus products, since when installing them I get an error that files cannot be installed.



#8 Oh My!


Posted 25 January 2016 - 10:15 AM

Thanks, and one more point of clarification and a step to take.

I am assuming these are related to the malware but just want to make sure. They are read-only folders, which present permissions issues, i.e. prevent changes. Please review this section in the log (only a partial list to provide an example) and confirm these were not created by you. Again, just being very cautious with your Server.
 

==================== Files in the root of some directories =======

2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\.clamwin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\360
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\360SD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Acceleration Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Agnitum
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\AhnLab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Alwil Software


----------

Please do this. I am hopeful this program is compatible with your Server.

===================================================

GrantPerms by Farbar

--------------------
  • Download GrantPerms for either 32 bit or 64 bit systems and save it to your desktop
  • Unzip the file and launch the program
  • Copy and paste the following in the edit box:

C:\Program Files
C:\Users\Administrator\AppData
C:\ProgramData

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document in your reply
  • Check your access to the folder/file
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Folders created by you?
  • Perms.txt

Gary
 
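The pattern discussed in the posts above (zero-byte driver files, service keys FRST had to unlock, and zero-byte read-only/system/hidden entries under Program Files) can be pulled out of an FRST log mechanically. The following is an added example, not part of the original thread and not FRST's own code; the function name `triage`, the report keys and the sample lines marked as constructed are assumptions, and the regular expressions cover only the line shapes quoted in this thread.

```python
import re
from collections import Counter

# FRST "Drivers" entry: <state> <name>; <path> [<size> <date>] (<company>) ...
DRIVER_RE = re.compile(
    r'^(?P<state>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+'
    r'\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>[^)]*)\)'
)
# FRST note on a service registry key whose permissions it had to reset.
UNLOCKED_RE = re.compile(r'^"(?P<name>[^"]+)" => service was unlocked\.')
# FRST "Files in the root of some directories" entry:
#   <created> - <modified> - <size> <attributes> (<company>) <path>
ROOT_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} - '
    r'\d{4}-\d{2}-\d{2} \d{2}:\d{2} - '
    r'(?P<size>\d+) (?P<attrs>[_A-Z]+) \((?P<company>[^)]*)\) (?P<path>.+)$'
)

# Sample input: lines quoted in this thread plus two constructed control lines.
# Lines that match none of the patterns (such as the '#' markers) are ignored.
SAMPLE = r"""
"360AntiHacker" => service was unlocked. <===== ATTENTION
"360AvFlt" => service was unlocked. <===== ATTENTION
U5 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360AvFlt; C:\Windows\System32\Drivers\360AvFlt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360fsflt; C:\Windows\System32\Drivers\360fsflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
# constructed control: a driver with real content
R3 exampledrv; C:\Windows\System32\Drivers\exampledrv.sys [48128 2015-06-01] (Example Vendor)
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\.clamwin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\360
# constructed control: a non-empty file without R/S/H attributes
2015-06-01 10:00 - 2015-06-01 10:00 - 0004096 _____ () C:\Program Files\example.ini
"""


def triage(log_text):
    """Group the FRST lines that describe empty placeholder files."""
    empty_drivers = {}    # service name -> path of the zero-byte .sys file
    unlocked = set()      # service names whose key FRST reports as unlocked
    root_stubs = []       # zero-byte entries carrying R, S and H attributes
    real_drivers = []     # drivers with a non-zero size, left alone
    by_date = Counter()   # date printed in the log -> number of empty items

    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            if int(m["size"]) == 0:
                empty_drivers[m["name"]] = m["path"]
                by_date[m["date"]] += 1
            else:
                real_drivers.append(m["name"])
            continue
        m = UNLOCKED_RE.match(line)
        if m:
            unlocked.add(m["name"])
            continue
        m = ROOT_RE.match(line)
        if m and int(m["size"]) == 0 and set("RSH") <= set(m["attrs"]):
            root_stubs.append(m["path"])
            by_date[m["created"]] += 1

    return {
        # Empty driver file AND a service key that had locked permissions.
        "locked_and_empty": sorted(n for n in empty_drivers if n in unlocked),
        # Empty driver file with no matching "unlocked" note in this log.
        "empty_only": sorted(n for n in empty_drivers if n not in unlocked),
        "real_drivers": real_drivers,
        "root_stubs": root_stubs,
        # Many empty items sharing one date suggests a single batch.
        "by_date": dict(by_date),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The grouping is a review aid only: every flagged name still needs the confirmation the helper asks for in this thread before it goes into a fixlist.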

#9 virtuoso


Posted 25 January 2016 - 02:12 PM

Hi Gary,

 

No, I did not create them.

 

 

GrantPerms by Farbar 
Ran by administrator (administrator) at 2016-01-25 22:11:40
 
===============================================
\\?\C:\Program Files
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
 
 
\\?\C:\Users\Administrator\AppData
 
   Owner: BUILTIN\Administrators
 
   DACL(NP)(AI):
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)(I)
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)(I)
   MEA\kevin   FULL   ALLOW   (CI)(OI)(I)
 
 
\\?\C:\ProgramData
 
   Owner: BUILTIN\Administrators
 
   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (CI)(OI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (CI)(OI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (CI)(OI)
 
 
 
================ End Of List ================


#10 Oh My!


Posted 25 January 2016 - 02:25 PM

Thanks for the clarification. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode Using Attached File

--------------------
  • Please download and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
  • Right click on FRST and select Run as Administrator
  • Press the Fix button, allow the program to run, and your computer will automatically reboot
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your computer behavior
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 

#11 virtuoso


Posted 28 January 2016 - 01:08 AM

Hi Gary
 
Fixlog:
 
Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by administrator (2016-01-25 22:50:08) Run:8
Running from C:\Users\Administrator\Desktop
Loaded Profiles: ta.operator & administrator & MsDtsServer110 & ReportServer (Available Profiles: wing & polly & updater & ta.operator & administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER & Classic .NET AppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
U5 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360AvFlt; C:\Windows\System32\Drivers\360AvFlt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360Box; C:\Windows\System32\Drivers\360Box.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360Box64; C:\Windows\System32\Drivers\360Box64.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360Camera; C:\Windows\System32\Drivers\360Camera.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360fsflt; C:\Windows\System32\Drivers\360fsflt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 360SelfProtection; C:\Windows\System32\Drivers\360SelfProtection.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 ABndis; C:\Windows\System32\Drivers\ABndis.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AFW; C:\Windows\System32\Drivers\AFW.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 afwcore; C:\Windows\System32\Drivers\afwcore.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AhnFlt2K; C:\Windows\System32\Drivers\AhnFlt2K.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AhnRec2K; C:\Windows\System32\Drivers\AhnRec2K.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AhnRghNt; C:\Windows\System32\Drivers\AhnRghNt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AhnSZE; C:\Windows\System32\Drivers\AhnSZE.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 ALE_NF; C:\Windows\System32\Drivers\ALE_NF.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AMonLWLH; C:\Windows\System32\Drivers\AMonLWLH.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AMonTDLH; C:\Windows\System32\Drivers\AMonTDLH.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 APPFLT; C:\Windows\System32\Drivers\APPFLT.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 arcawfp; C:\Windows\System32\Drivers\arcawfp.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 asd2fsm; C:\Windows\System32\Drivers\asd2fsm.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Asdids; C:\Windows\System32\Drivers\Asdids.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswHwid; C:\Windows\System32\Drivers\aswHwid.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswNdis; C:\Windows\System32\Drivers\aswNdis.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswNdisFlt; C:\Windows\System32\Drivers\aswNdisFlt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswSP; C:\Windows\System32\Drivers\aswSP.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswStm; C:\Windows\System32\Drivers\aswStm.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 avasdmft; C:\Windows\System32\Drivers\avasdmft.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 avc3; C:\Windows\System32\Drivers\avc3.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 avckf; C:\Windows\System32\Drivers\avckf.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgboota; C:\Windows\System32\Drivers\Avgboota.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgbootx; C:\Windows\System32\Drivers\Avgbootx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgdiska; C:\Windows\System32\Drivers\Avgdiska.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgdiskx; C:\Windows\System32\Drivers\Avgdiskx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgfwdx; C:\Windows\System32\Drivers\Avgfwdx.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 AVGIDSHX; C:\Windows\System32\Drivers\AVGIDSHX.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
U5 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [0 2009-07-14] () <==== ATTENTION (zero byte File/Folder)
2016-01-22 08:35 - 2016-01-22 09:00 - 00000000 ____D C:\Users\ta.operator\AppData\Local\Temp\4
2016-01-21 20:29 - 2016-01-22 09:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\1
2016-01-21 20:29 - 2016-01-21 20:29 - 00000000 __SHD C:\Users\Administrator\AppData\Roaming\jMYkWQPE9fo
2016-01-21 20:16 - 2016-01-21 20:16 - 00327680 _____ C:\Users\Administrator\AppData\Local\Temp\~DFEA78CF8729C5B640.TMP
2016-01-19 11:30 - 2016-01-19 11:34 - 00360448 _____ C:\Users\Administrator\AppData\Local\Temp\~DFD54A93BB1FA6FC5C.TMP
2016-01-17 14:38 - 2016-01-17 14:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\7zS82CA8405
2016-01-13 11:56 - 2016-01-13 11:56 - 00000000 _____ C:\Users\Administrator\AppData\Local\Temp\tmp4B4C.tmp
2016-01-13 11:29 - 2016-01-13 11:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\{36065382-AE77-4A3D-917F-2291080A68A8}
C:\Windows\System32\Drivers\TS4nt.sys
C:\Windows\System32\Drivers\v3engine.sys
C:\Windows\System32\Drivers\VBEngNT.sys
C:\Windows\System32\Drivers\vrptcomn.sys
C:\Windows\System32\Drivers\vsdatant.sys
C:\Windows\System32\Drivers\webssx.sys
C:\Windows\System32\Drivers\WGX64.SYS
C:\Windows\System32\Drivers\wnmflt.sys
C:\Windows\System32\Drivers\wnmflt64.sys
C:\Windows\System32\Drivers\WRkrn.sys
C:\Windows\System32\Drivers\wrUrlFlt.sys
C:\Windows\System32\Drivers\wsnf.sys
C:\Windows\System32\Drivers\wstif.sys
C:\Windows\System32\Drivers\znf.sys
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\.clamwin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\360
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\360SD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Acceleration Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Agnitum
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\AhnLab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Alwil Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Arcabit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Avanquest
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\AVAST Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Avetix
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\AVG
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\AVG Nation toolbar
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Avira
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Baidu Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\BitGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\BullGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\BullGuard Ltd
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\CA
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Cezurity
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\CheckPoint
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\ClamWin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\COMODO
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Comodo Downloader
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Crystal Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Doctor Web
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\DrWeb
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\DrWeb Enterprise Suite
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Emsisoft Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\eScan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\ESET
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\F-Secure
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Filseclab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Fortego Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\FRISK Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\G Data
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\G DATA Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\GFI
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\HAURI
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\IKARUS
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Immunet
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\IObit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Jetico
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\K7 Computing
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Kaspersky Lab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Kerio
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Lavasoft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Malware Defender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Malwarebytes
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Malwarebytes Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Malwarebytes' Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\McAfee
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\McAfee Security Scan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\McAfee.com
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\McAfeeMOBK
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Microsoft Security Client
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\MicroWorld
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\mks_vir_9
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Moon Secure Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\NANO Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\nanoav
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\nanolsp
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norman
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norton 360
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norton Anti-Theft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norton AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norton Internet Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Norton Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\NortonInstaller
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Online Armor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\OnlineArmor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Padvish Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Panda Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Panda Security URL Filtering
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\pandasecuritytb
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\PC Tools Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Preventon Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Privacyware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Proland
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Proland Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\PSafe
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Quick Heal
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Rising
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Roboscan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\SecureAge
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Sophos
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Spybot - Search & Destroy
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Spybot - Search & Destroy 2
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\SpyShelter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\SpyShelter Premium
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\StopSign
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\STOPzilla Optimizer
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\STOPzilla!
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\SUPERAntiSpyware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Symantec AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Tiranium AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Tizer Secure
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Total Defense
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TotalDefense
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Trend Micro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Trend Micro Installer
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Trojan Remover
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.1
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.2
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.3
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.4
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.5
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.6
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.7
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.8
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrojanHunter 5.9
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\TrustPort
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\UnThreat
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\UnThreat AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Vba32
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\VIPRE
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Webroot
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Winalysis
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Windows Defender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\WinPcap
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\WinRoute Pro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\WRData
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\xCore Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Zillya Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Zillya Internet Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\.clamwin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\360
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\360SD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Acceleration Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Agnitum
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\AhnLab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Alwil Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Arcabit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Avanquest
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\AVAST Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Avetix
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\AVG
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\AVG Nation toolbar
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Avira
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Baidu Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\BitGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\BullGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\BullGuard Ltd
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\CA
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Cezurity
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\CheckPoint
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\ClamWin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\COMODO
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Comodo Downloader
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Crystal Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Doctor Web
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\DrWeb
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\DrWeb Enterprise Suite
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Emsisoft Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\eScan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\ESET
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\F-Secure
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Filseclab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Fortego Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\FRISK Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\G Data
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\G DATA Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\GFI
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\HAURI
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\IKARUS
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Immunet
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\IObit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Jetico
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\K7 Computing
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Kaspersky Lab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Kerio
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Lavasoft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Malware Defender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Malwarebytes
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Malwarebytes Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\McAfee
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\McAfee Security Scan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\McAfee.com
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\McAfeeMOBK
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Microsoft Security Client
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\MicroWorld
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\mks_vir_9
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Moon Secure Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\NANO Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\nanoav
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\nanolsp
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norman
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norton 360
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norton Anti-Theft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norton AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norton Internet Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Norton Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\NortonInstaller
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Online Armor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\OnlineArmor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Padvish Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Panda Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Panda Security URL Filtering
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\pandasecuritytb
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\PC Tools Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Preventon Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Privacyware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Proland
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Proland Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\PSafe
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Quick Heal
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Rising
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Roboscan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\SecureAge
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Sophos
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Spybot - Search & Destroy
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Spybot - Search & Destroy 2
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\SpyShelter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\SpyShelter Premium
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\StopSign
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\STOPzilla Optimizer
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\STOPzilla!
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\SUPERAntiSpyware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Symantec AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Tiranium AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Tizer Secure
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Total Defense
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TotalDefense
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Trend Micro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Trend Micro Installer
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Trojan Remover
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.1
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.2
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.3
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.4
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.5
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.6
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.7
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.8
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrojanHunter 5.9
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\TrustPort
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\UnThreat
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\UnThreat AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Vba32
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\VIPRE
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Webroot
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Winalysis
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Windows Defender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\WinPcap
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\WinRoute Pro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\WRData
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\xCore Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Zillya Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Zillya Internet Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\AVG Secure Search
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\Baidu
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\BullGuard Ltd
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\COMODO
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\Doctor Web
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\G Data
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\InfoWatch
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\McAfee
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\MicroWorld
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\Panda Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\Symantec Shared
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Common Files\TrustPort
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\AVG Secure Search
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Baidu
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\BullGuard Ltd
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\COMODO
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Doctor Web
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\G Data
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\InfoWatch
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\McAfee
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\MicroWorld
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Panda Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\Symantec Shared
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files (x86)\Common Files\TrustPort
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\.clamwin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\360safe
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\360SD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\360WD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Avanquest
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\AVAST Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Avg2014
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Avira
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Baidu Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\BullGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Comodo
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Crystal Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\ESET
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\housecall.guid.cache
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\IObit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\IObit Apps
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\K7 Computing
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Lavasoft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\LavasoftStatistics
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\McAfee
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\McAfee File Lock
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\MicroWorld
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\nanoav
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\OnlineArmor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Panda Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\panda4_1dn
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\SpyShelter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\Trend Micro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Roaming\VIPRE
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\.clamwin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\360safe
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\360SD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\360WD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\Avanquest
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\AVAST Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\Avg2014
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\Avira
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\Baidu Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\BullGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\Comodo
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\Crystal Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\ESET
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\housecall.guid.cache
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\IObit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\IObit Apps
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\K7 Computing
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\Lavasoft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\LavasoftStatistics
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\Malwarebytes
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\McAfee
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\McAfee File Lock
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\MicroWorld
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\nanoav
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\OnlineArmor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\Panda Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\panda4_1dn
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\SpyShelter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\Trend Micro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Users\Administrator\AppData\Local\VIPRE
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\.clamwin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\360
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\360SD
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Acceleration Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Agnitum
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\AhnLab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Alwil Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Arcabit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Avanquest
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\AVAST Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Avetix
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\AVG
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\AVG Nation toolbar
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Avira
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Baidu Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Bitdefender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\BitGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\BullGuard
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\BullGuard Ltd
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\CA
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Cezurity
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\CheckPoint
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\ClamWin
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\COMODO
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Comodo Downloader
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Crystal Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Doctor Web
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\DrWeb
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\DrWeb Enterprise Suite
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\eAcceleration
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Emsisoft Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\eScan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\ESET
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\F-Secure
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Filseclab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Fortego Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\FRISK Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\G Data
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\G DATA Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\GFI
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\HAURI
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\IKARUS
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Immunet
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\IObit
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Jetico
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\K7 Computing
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Kaspersky Lab
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Kerio
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Lavasoft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Malware Defender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Malwarebytes Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Malwarebytes' Anti-Malware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\McAfee
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\McAfee Security Scan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\McAfee.com
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\McAfeeMOBK
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Microsoft Security Client
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\MicroWorld
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\mks_vir_9
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Moon Secure Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\NANO Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\nanoav
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\nanolsp
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Norman
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Norton 360
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Norton Anti-Theft
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Norton AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Norton Internet Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Norton Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\NortonInstaller
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Online Armor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\OnlineArmor
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Padvish Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Panda Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Panda Security URL Filtering
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\pandasecuritytb
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\PC Tools Security
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Preventon Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Privacyware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Proland
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Proland Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\PSafe
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Quick Heal
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Rising
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Roboscan
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\SecureAge
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Sophos
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Spybot - Search & Destroy
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Spybot - Search & Destroy 2
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\SpyShelter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\SpyShelter Premium
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\StopSign
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\STOPzilla Optimizer
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\STOPzilla!
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\SUPERAntiSpyware
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Symantec AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Tiranium AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Tizer Secure
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Total Defense
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TotalDefense
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Trend Micro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Trend Micro Installer
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Trojan Remover
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TrojanHunter
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TrojanHunter 5.1
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TrojanHunter 5.2
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TrojanHunter 5.3
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TrojanHunter 5.4
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TrojanHunter 5.5
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TrojanHunter 5.6
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TrojanHunter 5.7
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TrojanHunter 5.8
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TrojanHunter 5.9
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\TrustPort
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\UnThreat
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\UnThreat AntiVirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Vba32
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\VIPRE
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Webroot
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Winalysis
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Windows Defender
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\WinPcap
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\WinRoute Pro
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\WRData
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\xCore Software
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Zillya Antivirus
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\ProgramData\Zillya Internet Security
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
360AntiHacker => service removed successfully
360AvFlt => service removed successfully
360Box => service removed successfully
360Box64 => service removed successfully
360Camera => service removed successfully
360fsflt => service removed successfully
360SelfProtection => service removed successfully
ABndis => service removed successfully
AFW => service removed successfully
afwcore => service removed successfully
AhnFlt2K => service removed successfully
AhnRec2K => service removed successfully
AhnRghNt => service removed successfully
AhnSZE => service removed successfully
ALE_NF => service removed successfully
AMonLWLH => service removed successfully
AMonTDLH => service removed successfully
APPFLT => service removed successfully
arcawfp => service removed successfully
asd2fsm => service removed successfully
Asdids => service removed successfully
aswHwid => service removed successfully
aswMonFlt => service removed successfully
aswNdis => service removed successfully
aswNdis2 => service removed successfully
aswNdisFlt => service removed successfully
aswRdr => service removed successfully
aswRvrt => service removed successfully
aswSnx => service removed successfully
aswSP => service removed successfully
aswStm => service removed successfully
aswTdi => service removed successfully
aswVmm => service removed successfully
avasdmft => service removed successfully
avc3 => service removed successfully
avchv => service removed successfully
avckf => service removed successfully
Avgboota => service removed successfully
Avgbootx => service removed successfully
Avgdiska => service removed successfully
Avgdiskx => service removed successfully
Avgfwdx => service removed successfully
AVGIDSHA => service removed successfully
AVGIDSHX => service removed successfully
Avgldx64 => service removed successfully
Avgldx86 => service removed successfully
Avgloga => service removed successfully
Avglogx => service removed successfully
Avgmfx64 => service removed successfully
Avgmfx86 => service removed successfully
avgntflt => service removed successfully
Avgrkx64 => service removed successfully
Avgrkx86 => service removed successfully
Avgtdia => service removed successfully
Avgtdix => service removed successfully
Avgwfpa => service removed successfully
Avgwfpx => service removed successfully
avipbb => service removed successfully
avkmgr => service removed successfully
avnetflt => service removed successfully
BAPIDRV => service removed successfully
Bcfilter => service removed successfully
bcfsrm => service removed successfully
bcftdi => service removed successfully
bc_hash_f => service removed successfully
bc_ip_f => service removed successfully
bc_ngn => service removed successfully
bc_pat_f => service removed successfully
bc_prt_f => service removed successfully
bc_tdi_f => service removed successfully
BdAgent => service removed successfully
bdelam => service removed successfully
Bdfndisf => service removed successfully
bdfsfltr => service removed successfully
BdNet => service removed successfully
BDSandBox => service removed successfully
bdsflt => service removed successfully
bdsnm => service removed successfully
BdSpy => service removed successfully
BDVEDISK => service removed successfully
Bfilter => service removed successfully
Bfmon => service removed successfully
Bhbase => service removed successfully
Bprotect => service removed successfully
BprotectEx => service removed successfully
bsfs => service removed successfully
catflt => service removed successfully
CdmDrvNt => service removed successfully
cfwids => service removed successfully
cmderd => service removed successfully
cmdGuard => service removed successfully
cmdHlp => service removed successfully
ComFiltr => service removed successfully
DrWebLwf => service removed successfully
DSAFLT => service removed successfully
DwProt => service removed successfully
eamon => service removed successfully
eamonm => service removed successfully
econceal => service removed successfully
edevmon => service removed successfully
EfiMon => service removed successfully
ehdrv => service removed successfully
emlssx => service removed successfully
epfw => service removed successfully
EpfwLWF => service removed successfully
Epfwndis => service removed successfully
epfwtdi => service removed successfully
epfwwfp => service removed successfully
epfwwfpr => service removed successfully
FNETMON => service removed successfully
FPAV_RTP => service removed successfully
fsbts => service removed successfully
FWCore => service removed successfully
GDBehave => service removed successfully
GDNdisIc => service removed successfully
gfiark => service removed successfully
gfiutil => service removed successfully
ggc => service removed successfully
gzflt => service removed successfully
HipShieldK => service removed successfully
HookCentre => service removed successfully
HookPort => service removed successfully
hooksys => service removed successfully
HookTdi => service removed successfully
IDSFLT => service removed successfully
ImmunetProtect => service removed successfully
inspect => service removed successfully
K7FWFilt => service removed successfully
K7FWHlpr => service removed successfully
K7Sentry => service removed successfully
K7TdiHlp => service removed successfully
kl1 => service removed successfully
kldisk => service removed successfully
klelam => service removed successfully
klflt => service removed successfully
klhk => service removed successfully
KLIF => service removed successfully
KLIM6 => service removed successfully
klpd => service removed successfully
kltdi => service removed successfully
klwfp => service removed successfully
klwtp => service removed successfully
KmxAgent => service removed successfully
KmxAMRT => service removed successfully
KmxCF => service removed successfully
KmxCfg => service removed successfully
KmxFile => service removed successfully
KmxFilter => service removed successfully
KmxFw => service removed successfully
KmxSbx => service removed successfully
KmxStart => service removed successfully
kneps => service removed successfully
kvnet => service removed successfully
kwflower => service removed successfully
kwfupper => service removed successfully
MBAMSwissArmy => service removed successfully
McPvDrv => service removed successfully
mfeapfk => service removed successfully
mfeavfk => service removed successfully
mfebopk => service removed successfully
mfeelamk => service removed successfully
mfefirek => service removed successfully
mfehidk => service removed successfully
mfencbdc => service removed successfully
mfencrk => service removed successfully
mfewfpk => service removed successfully
mscank => service removed successfully
netcontroller => service removed successfully
netfilter => service not found.
NETFLTDI => service removed successfully
nnetsec => service removed successfully
NNSALPC => service removed successfully
NNSHTTP => service removed successfully
NNSHTTPS => service removed successfully
NNSIDS => service removed successfully
NNSNAHS => service removed successfully
NNSNAHSL => service removed successfully
NNSPICC => service removed successfully
NNSPIHS => service removed successfully
NNSPIHSW => service removed successfully
NNSPOP3 => service removed successfully
NNSPROT => service removed successfully
NNSPRV => service removed successfully
NNSSMTP => service removed successfully
NNSSTRM => service removed successfully
NNSTLSC => service removed successfully
OAmon => service removed successfully
OAnet => service removed successfully
pavboot => service removed successfully
PavProc => service removed successfully
PSINAflt => service removed successfully
PSINFile => service removed successfully
PSINKNC => service removed successfully
PSINProc => service removed successfully
PSINProt => service removed successfully
PSINReg => service removed successfully
PSKMAD => service removed successfully
pwipf6 => service removed successfully
qutmipc => service removed successfully
SandBox => service removed successfully
sascan => service removed successfully
SAVOnAccess => service removed successfully
SAVOnAccessControl => service removed successfully
SAVOnAccessFilter => service removed successfully
sbaphd => service removed successfully
sbapifs => service removed successfully
SbFw => service removed successfully
sbhips => service removed successfully
sbtis => service removed successfully
sbwtis => service removed successfully
scfdriver => service removed successfully
scfndis => service removed successfully
SFWCallout => service removed successfully
ShldFlt => service removed successfully
SKMScan => service removed successfully
SophosBootDriver => service removed successfully
SpiderG3 => service removed successfully
SpyEmrg => service removed successfully
ssmdrv => service removed successfully
swi_callout => service removed successfully
SymEvent => service removed successfully
SysPlant => service removed successfully
tdifw => service removed successfully
tdi_nf => service removed successfully
tmactmon => service removed successfully
tmcomm => service removed successfully
tmeevw => service removed successfully
tmel => service removed successfully
tmevtmgr => service removed successfully
tmnciesc => service removed successfully
tmusa => service removed successfully
tpdevflt => service removed successfully
tpsec => service removed successfully
trufos => service removed successfully
TS4NT => service removed successfully
v3engine => service removed successfully
VBEngNT => service removed successfully
vrptcomn => service removed successfully
Vsdatant => service removed successfully
webssx => service removed successfully
WNMFLT => service removed successfully
WRkrn => service removed successfully
wrUrlFlt => service removed successfully
wsnf => service removed successfully
wstif => service removed successfully
Znf => service removed successfully
C:\Users\ta.operator\AppData\Local\Temp\4 => moved successfully
C:\Users\Administrator\AppData\Local\Temp\1 => moved successfully
C:\Users\Administrator\AppData\Roaming\jMYkWQPE9fo => moved successfully
C:\Users\Administrator\AppData\Local\Temp\~DFEA78CF8729C5B640.TMP => moved successfully
C:\Users\Administrator\AppData\Local\Temp\~DFD54A93BB1FA6FC5C.TMP => moved successfully
C:\Users\Administrator\AppData\Local\Temp\7zS82CA8405 => moved successfully
C:\Users\Administrator\AppData\Local\Temp\tmp4B4C.tmp => moved successfully
C:\Users\Administrator\AppData\Local\Temp\{36065382-AE77-4A3D-917F-2291080A68A8} => moved successfully
C:\Windows\System32\Drivers\360AntiHacker.sys => moved successfully
C:\Windows\System32\Drivers\360AntiHacker64.sys => moved successfully
C:\Windows\System32\Drivers\360AvFlt.sys => moved successfully
C:\Windows\System32\Drivers\360Box.sys => moved successfully
C:\Windows\System32\Drivers\360Box64.sys => moved successfully
C:\Windows\System32\Drivers\360Camera.sys => moved successfully
C:\Windows\System32\Drivers\360Camera64.sys => moved successfully
C:\Windows\System32\Drivers\360FsFlt.sys => moved successfully
C:\Windows\System32\Drivers\360SelfProtection.sys => moved successfully
C:\Windows\System32\Drivers\Aavmker4.sys => moved successfully
C:\Windows\System32\Drivers\abndis.sys => moved successfully
C:\Windows\System32\Drivers\abp470n5.sys => moved successfully
C:\Windows\System32\Drivers\afw.sys => moved successfully
C:\Windows\System32\Drivers\afwcore.sys => moved successfully
C:\Windows\System32\Drivers\AhnFlt2k.sys => moved successfully
C:\Windows\System32\Drivers\AhnRec2k.sys => moved successfully
C:\Windows\System32\Drivers\AhnRghNt.sys => moved successfully
C:\Windows\System32\Drivers\ahnsze.sys => moved successfully
C:\Windows\System32\Drivers\ale7_nf.sys => moved successfully
C:\Windows\System32\Drivers\ale7_nf64.sys => moved successfully
C:\Windows\System32\Drivers\ale_nf.sys => moved successfully
C:\Windows\System32\Drivers\ale_nf64.sys => moved successfully
C:\Windows\System32\Drivers\amm6460.sys => moved successfully
C:\Windows\System32\Drivers\amm8651.sys => moved successfully
C:\Windows\System32\Drivers\amm8660.sys => moved successfully
C:\Windows\System32\Drivers\AMonHKNT.sys => moved successfully
C:\Windows\System32\Drivers\AMonLWLH.sys => moved successfully
C:\Windows\System32\Drivers\AMonTDLH.sys => moved successfully
C:\Windows\System32\Drivers\AMonTDNt.sys => moved successfully
C:\Windows\System32\Drivers\apkhelper.sys => moved successfully
C:\Windows\System32\Drivers\APPFLT.SYS => moved successfully
C:\Windows\System32\Drivers\apsp.sys => moved successfully
C:\Windows\System32\Drivers\arcawfp.sys => moved successfully
C:\Windows\System32\Drivers\asd2fsm.sys => moved successfully
C:\Windows\System32\Drivers\asdids.sys => moved successfully
C:\Windows\System32\Drivers\aswHwid.sys => moved successfully
C:\Windows\System32\Drivers\aswMon2.sys => moved successfully
C:\Windows\System32\Drivers\aswMonFlt.sys => moved successfully
C:\Windows\System32\Drivers\aswNdis.sys => moved successfully
C:\Windows\System32\Drivers\aswNdis2.sys => moved successfully
C:\Windows\System32\Drivers\aswNdisFlt.sys => moved successfully
C:\Windows\System32\Drivers\aswRdr.sys => moved successfully
C:\Windows\System32\Drivers\aswRdr2.sys => moved successfully
C:\Windows\System32\Drivers\aswRvrt.sys => moved successfully
C:\Windows\System32\Drivers\aswSnx.sys => moved successfully
C:\Windows\System32\Drivers\aswSP.sys => moved successfully
C:\Windows\System32\Drivers\aswStm.sys => moved successfully
C:\Windows\System32\Drivers\aswTdi.sys => moved successfully
C:\Windows\System32\Drivers\aswVmm.sys => moved successfully
C:\Windows\System32\Drivers\avasdmft.sys => moved successfully
C:\Windows\System32\Drivers\avc3.sys => moved successfully
C:\Windows\System32\Drivers\avchv.sys => moved successfully
C:\Windows\System32\Drivers\avckf.sys => moved successfully
C:\Windows\System32\Drivers\avf.sys => moved successfully
C:\Windows\System32\Drivers\avgboota.sys => moved successfully
C:\Windows\System32\Drivers\avgbootx.sys => moved successfully
C:\Windows\System32\Drivers\avgdiska.sys => moved successfully
C:\Windows\System32\Drivers\avgdiskx.sys => moved successfully
C:\Windows\System32\Drivers\avgfwd6a.sys => moved successfully
C:\Windows\System32\Drivers\avgfwd6x.sys => moved successfully
C:\Windows\System32\Drivers\avgfwdx.sys => moved successfully
C:\Windows\System32\Drivers\avgidsdrivera.sys => moved successfully
C:\Windows\System32\Drivers\avgidsdriverlx.sys => moved successfully
C:\Windows\System32\Drivers\avgidsdriverx.sys => moved successfully
C:\Windows\System32\Drivers\avgidsha.sys => moved successfully
C:\Windows\System32\Drivers\avgidshx.sys => moved successfully
C:\Windows\System32\Drivers\avgidsshimw8x.sys => moved successfully
C:\Windows\System32\Drivers\avgidsshimx.sys => moved successfully
C:\Windows\System32\Drivers\avgldx64.sys => moved successfully
C:\Windows\System32\Drivers\avgldx86.sys => moved successfully
C:\Windows\System32\Drivers\avgloga.sys => moved successfully
C:\Windows\System32\Drivers\avglogx.sys => moved successfully
C:\Windows\System32\Drivers\avgmfx64.sys => moved successfully
C:\Windows\System32\Drivers\avgmfx86.sys => moved successfully
C:\Windows\System32\Drivers\avgntflt.sys => moved successfully
C:\Windows\System32\Drivers\avgrkx64.sys => moved successfully
C:\Windows\System32\Drivers\avgrkx86.sys => moved successfully
C:\Windows\System32\Drivers\avgtdia.sys => moved successfully
C:\Windows\System32\Drivers\avgtdix.sys => moved successfully
C:\Windows\System32\Drivers\avgwfpa.sys => moved successfully
C:\Windows\System32\Drivers\avgwfpx.sys => moved successfully
C:\Windows\System32\Drivers\avipbb.sys => moved successfully
C:\Windows\System32\Drivers\avkmgr.sys => moved successfully
C:\Windows\System32\Drivers\avnetflt.sys => moved successfully
C:\Windows\System32\Drivers\axflt.sys => moved successfully
C:\Windows\System32\Drivers\BAPIDRV.SYS => moved successfully
C:\Windows\System32\Drivers\BAPIDRV64.SYS => moved successfully
C:\Windows\System32\Drivers\bcfilter.sys => moved successfully
C:\Windows\System32\Drivers\bcfsrm.sys => moved successfully
C:\Windows\System32\Drivers\bcftdi.sys => moved successfully
C:\Windows\System32\Drivers\bc_hash_f.sys => moved successfully
C:\Windows\System32\Drivers\bc_ip_f.sys => moved successfully
C:\Windows\System32\Drivers\bc_ngn.sys => moved successfully
C:\Windows\System32\Drivers\bc_pat_f.sys => moved successfully
C:\Windows\System32\Drivers\bc_prt_f.sys => moved successfully
C:\Windows\System32\Drivers\bc_tdi_f.sys => moved successfully
C:\Windows\System32\Drivers\BdAgent.sys => moved successfully
C:\Windows\System32\Drivers\bdelam.sys => moved successfully
C:\Windows\System32\Drivers\bdfndisf.sys => moved successfully
C:\Windows\System32\Drivers\BdfNdisf6.sys => moved successfully
C:\Windows\System32\Drivers\bdfsfltr.sys => moved successfully
C:\Windows\System32\Drivers\BdNet.sys => moved successfully
C:\Windows\System32\Drivers\bdsandbox.sys => moved successfully
C:\Windows\System32\Drivers\bdsflt.sys => moved successfully
C:\Windows\System32\Drivers\bdsnm.sys => moved successfully
C:\Windows\System32\Drivers\BdSpy.sys => moved successfully
C:\Windows\System32\Drivers\bdvedisk.sys => moved successfully
C:\Windows\System32\Drivers\Bfilter.sys => moved successfully
C:\Windows\System32\Drivers\Bfmon.sys => moved successfully
C:\Windows\System32\Drivers\Bhbase.sys => moved successfully
C:\Windows\System32\Drivers\bnbasex64.sys => moved successfully
C:\Windows\System32\Drivers\bndef64.sys => moved successfully
C:\Windows\System32\Drivers\Bprotect.sys => moved successfully
C:\Windows\System32\Drivers\BprotectEx.sys => moved successfully
C:\Windows\System32\Drivers\bsfs.sys => moved successfully
C:\Windows\System32\Drivers\catflt.sys => moved successfully
C:\Windows\System32\Drivers\CdmDrvNt.sys => moved successfully
C:\Windows\System32\Drivers\cfwids.sys => moved successfully
C:\Windows\System32\Drivers\cmderd.sys => moved successfully
C:\Windows\System32\Drivers\cmdguard.sys => moved successfully
C:\Windows\System32\Drivers\cmdhlp.sys => moved successfully
C:\Windows\System32\Drivers\COMFiltr.sys => moved successfully
C:\Windows\System32\Drivers\DrWebLwf.sys => moved successfully
C:\Windows\System32\Drivers\dsaflt.sys => moved successfully
C:\Windows\System32\Drivers\dsaflt64.sys => moved successfully
C:\Windows\System32\Drivers\dwdg.sys => moved successfully
C:\Windows\System32\Drivers\dwprot.sys => moved successfully
C:\Windows\System32\Drivers\dw_wfp.sys => moved successfully
C:\Windows\System32\Drivers\eamon.sys => moved successfully
C:\Windows\System32\Drivers\eamonm.sys => moved successfully
C:\Windows\System32\Drivers\econceal.sys => moved successfully
C:\Windows\System32\Drivers\edevmon.sys => moved successfully
C:\Windows\System32\Drivers\efimon.sys => moved successfully
C:\Windows\System32\Drivers\ehdrv.sys => moved successfully
C:\Windows\System32\Drivers\emlssx.sys => moved successfully
C:\Windows\System32\Drivers\EMLTDI.SYS => moved successfully
C:\Windows\System32\Drivers\epfw.sys => moved successfully
C:\Windows\System32\Drivers\EpfwLWF.sys => moved successfully
C:\Windows\System32\Drivers\epfwndis.sys => moved successfully
C:\Windows\System32\Drivers\epfwtdi.sys => moved successfully
C:\Windows\System32\Drivers\epfwwfp.sys => moved successfully
C:\Windows\System32\Drivers\epfwwfpr.sys => moved successfully
C:\Windows\System32\Drivers\fnetm64.sys => moved successfully
C:\Windows\System32\Drivers\fnetmon.sys => moved successfully
C:\Windows\System32\Drivers\FPAV_RTP.sys => moved successfully
C:\Windows\System32\Drivers\fsbts.sys => moved successfully
C:\Windows\System32\Drivers\fwcore.sys => moved successfully
C:\Windows\System32\Drivers\GDBehave.sys => moved successfully
C:\Windows\System32\Drivers\gddcd64.sys => moved successfully
C:\Windows\System32\Drivers\gddcv64.sys => moved successfully
C:\Windows\System32\Drivers\GDNdisIc.sys => moved successfully
C:\Windows\System32\Drivers\GDTdiIcpt.sys => moved successfully
C:\Windows\System32\Drivers\gdwfpcd32.sys => moved successfully
C:\Windows\System32\Drivers\gdwfpcd64.sys => moved successfully
C:\Windows\System32\Drivers\gfiark.sys => moved successfully
C:\Windows\System32\Drivers\gfiutil.sys => moved successfully
C:\Windows\System32\Drivers\ggc.sys => moved successfully
C:\Windows\System32\Drivers\gzflt.sys => moved successfully
C:\Windows\System32\Drivers\HipShieldK.sys => moved successfully
C:\Windows\System32\Drivers\HookCentre.sys => moved successfully
C:\Windows\System32\Drivers\HookHelp.sys => moved successfully
C:\Windows\System32\Drivers\hookport.sys => moved successfully
C:\Windows\System32\Drivers\Hooksys.sys => moved successfully
C:\Windows\System32\Drivers\HookTdi.sys => moved successfully
C:\Windows\System32\Drivers\hvm.sys => moved successfully
C:\Windows\System32\Drivers\idsflt.sys => moved successfully
C:\Windows\System32\Drivers\idsflt64.sys => moved successfully
C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys => moved successfully
C:\Windows\System32\Drivers\immunetprotect.sys => moved successfully
C:\Windows\System32\Drivers\immunetselfprotect.sys => moved successfully
C:\Windows\System32\Drivers\inspect.sys => moved successfully
C:\Windows\System32\Drivers\K7FWFilt.sys => moved successfully
C:\Windows\System32\Drivers\K7FWHlpr.sys => moved successfully
C:\Windows\System32\Drivers\K7Sentry.sys => moved successfully
C:\Windows\System32\Drivers\K7TdiHlp.sys => moved successfully
C:\Windows\System32\Drivers\kl1.sys => moved successfully
C:\Windows\System32\Drivers\kl2.sys => moved successfully
C:\Windows\System32\Drivers\kldisk.sys => moved successfully
C:\Windows\System32\Drivers\klelam.sys => moved successfully
C:\Windows\System32\Drivers\klflt.sys => moved successfully
C:\Windows\System32\Drivers\klhk.sys => moved successfully
C:\Windows\System32\Drivers\klif.sys => moved successfully
C:\Windows\System32\Drivers\klim5.sys => moved successfully
C:\Windows\System32\Drivers\klim6.sys => moved successfully
C:\Windows\System32\Drivers\klpd.sys => moved successfully
C:\Windows\System32\Drivers\kltdi.sys => moved successfully
C:\Windows\System32\Drivers\klwfp.sys => moved successfully
C:\Windows\System32\Drivers\klwtp.sys => moved successfully
C:\Windows\System32\Drivers\KmxAgent.sys => moved successfully
C:\Windows\System32\Drivers\KmxAMRT.sys => moved successfully
C:\Windows\System32\Drivers\KmxCF.sys => moved successfully
C:\Windows\System32\Drivers\KmxCfg.sys => moved successfully
C:\Windows\System32\Drivers\KmxFile.sys => moved successfully
C:\Windows\System32\Drivers\KmxFilter.sys => moved successfully
C:\Windows\System32\Drivers\KmxFw.sys => moved successfully
C:\Windows\System32\Drivers\KmxSbx.sys => moved successfully
C:\Windows\System32\Drivers\KmxStart.sys => moved successfully
C:\Windows\System32\Drivers\kneps.sys => moved successfully
C:\Windows\System32\Drivers\kvnet.sys => moved successfully
C:\Windows\System32\Drivers\kwflower.sys => moved successfully
C:\Windows\System32\Drivers\kwfupper.sys => moved successfully
C:\Windows\System32\Drivers\llio.sys => moved successfully
C:\Windows\System32\Drivers\MBAMSwissArmy.sys => moved successfully
C:\Windows\System32\Drivers\McPvDrv.sys => moved successfully
C:\Windows\System32\Drivers\mfeapfk.sys => moved successfully
C:\Windows\System32\Drivers\mfeavfk.sys => moved successfully
C:\Windows\System32\Drivers\mfebopk.sys => moved successfully
C:\Windows\System32\Drivers\mfeclnrk.sys => moved successfully
C:\Windows\System32\Drivers\mfeelamk.sys => moved successfully
C:\Windows\System32\Drivers\mfefirek.sys => moved successfully
C:\Windows\System32\Drivers\mfehidk.sys => moved successfully
C:\Windows\System32\Drivers\mfencbdc.sys => moved successfully
C:\Windows\System32\Drivers\mfencrk.sys => moved successfully
C:\Windows\System32\Drivers\mfewfpk.sys => moved successfully
C:\Windows\System32\Drivers\MiniIcpt.sys => moved successfully
C:\Windows\System32\Drivers\MOBK.sys => moved successfully
C:\Windows\System32\Drivers\mscank.sys => moved successfully
C:\Windows\System32\Drivers\mwac.sys => moved successfully
C:\Windows\System32\Drivers\mwfsmflt.sys => moved successfully
C:\Windows\System32\Drivers\n64i1644.sys => moved successfully
C:\Windows\System32\Drivers\netcontroller.sys => moved successfully
C:\Windows\System32\Drivers\netfilter.sys => moved successfully
C:\Windows\System32\Drivers\NETFLTDI.SYS => moved successfully
C:\Windows\System32\Drivers\neti1644.sys => moved successfully
C:\Windows\System32\Drivers\NETTDI64.SYS => moved successfully
C:\Windows\System32\Drivers\nnetsec.sys => moved successfully
C:\Windows\System32\Drivers\nnetsecl.sys => moved successfully
C:\Windows\System32\Drivers\nnetsecl64.sys => moved successfully
C:\Windows\System32\Drivers\NNSAlpc.sys => moved successfully
C:\Windows\System32\Drivers\NNSHttp.sys => moved successfully
C:\Windows\System32\Drivers\NNSHttps.sys => moved successfully
C:\Windows\System32\Drivers\NNSIds.sys => moved successfully
C:\Windows\System32\Drivers\NNSNAHS.sys => moved successfully
C:\Windows\System32\Drivers\NNSNAHSL.sys => moved successfully
C:\Windows\System32\Drivers\NNSpicc.sys => moved successfully
C:\Windows\System32\Drivers\NNSpihs.sys => moved successfully
C:\Windows\System32\Drivers\NNSPihsw.sys => moved successfully
C:\Windows\System32\Drivers\NNSPop3.sys => moved successfully
C:\Windows\System32\Drivers\NNSProt.sys => moved successfully
C:\Windows\System32\Drivers\NNSPrv.sys => moved successfully
C:\Windows\System32\Drivers\NNSSmtp.sys => moved successfully
C:\Windows\System32\Drivers\NNSStrm.sys => moved successfully
C:\Windows\System32\Drivers\NNStlsc.sys => moved successfully
C:\Windows\System32\Drivers\npf.sys => moved successfully
C:\Windows\System32\Drivers\NSKernel.sys => moved successfully
C:\Windows\System32\Drivers\NSNetmon.sys => moved successfully
C:\Windows\System32\Drivers\nvcv64mf.sys => moved successfully
C:\Windows\System32\Drivers\OADriver.sys => moved successfully
C:\Windows\System32\Drivers\oahlp32.sys => moved successfully
C:\Windows\System32\Drivers\OAmon.sys => moved successfully
C:\Windows\System32\Drivers\OAnet.sys => moved successfully
C:\Windows\System32\Drivers\pavboot.sys => moved successfully
C:\Windows\System32\Drivers\pavboot64.sys => moved successfully
C:\Windows\System32\Drivers\PavProc.sys => moved successfully
C:\Windows\System32\Drivers\PCTBD64.sys => moved successfully
C:\Windows\System32\Drivers\pctBTFix64.sys => moved successfully
C:\Windows\System32\Drivers\PCTCore64.sys => moved successfully
C:\Windows\System32\Drivers\pctDS64.sys => moved successfully
C:\Windows\System32\Drivers\pctEFA64.sys => moved successfully
C:\Windows\System32\Drivers\pctgntdi64.sys => moved successfully
C:\Windows\System32\Drivers\pctplsg64.sys => moved successfully
C:\Windows\System32\Drivers\pctplsm64.sys => moved successfully
C:\Windows\System32\Drivers\PCTSD64.sys => moved successfully
C:\Windows\System32\Drivers\pctwfpfilter64.sys => moved successfully
C:\Windows\System32\Drivers\PktIcpt.sys => moved successfully
C:\Windows\System32\Drivers\PROCEXP152.SYS => moved successfully
C:\Windows\System32\Drivers\protreg.sys => moved successfully
C:\Windows\System32\Drivers\PSINAflt.sys => moved successfully
C:\Windows\System32\Drivers\PSINFile.sys => moved successfully
C:\Windows\System32\Drivers\PSINKNC.sys => moved successfully
C:\Windows\System32\Drivers\PSINProc.sys => moved successfully
C:\Windows\System32\Drivers\PSINProt.sys => moved successfully
C:\Windows\System32\Drivers\PSINReg.sys => moved successfully
C:\Windows\System32\Drivers\PSKMAD.sys => moved successfully
C:\Windows\System32\Drivers\pwipf6.sys => moved successfully
C:\Windows\System32\Drivers\qutmdrv.sys => moved successfully
C:\Windows\System32\Drivers\qutmipc.sys => moved successfully
C:\Windows\System32\Drivers\saappctl.sys => moved successfully
C:\Windows\System32\Drivers\SandBox.sys => moved successfully
C:\Windows\System32\Drivers\SandBox64.sys => moved successfully
C:\Windows\System32\Drivers\sascan.sys => moved successfully
C:\Windows\System32\Drivers\savonaccess.sys => moved successfully
C:\Windows\System32\Drivers\savonaccesscontrol.sys => moved successfully
C:\Windows\System32\Drivers\savonaccessfilter.sys => moved successfully
C:\Windows\System32\Drivers\sbaphd.sys => moved successfully
C:\Windows\System32\Drivers\sbapifs.sys => moved successfully
C:\Windows\System32\Drivers\SbFw.sys => moved successfully
C:\Windows\System32\Drivers\SbFwIm.sys => moved successfully
C:\Windows\System32\Drivers\sbhips.sys => moved successfully
C:\Windows\System32\Drivers\sbtis.sys => moved successfully
C:\Windows\System32\Drivers\sbwtis.sys => moved successfully
C:\Windows\System32\Drivers\scfdriver.sys => moved successfully
C:\Windows\System32\Drivers\scfndis.sys => moved successfully
C:\Windows\System32\Drivers\SFWCallout.sys => moved successfully
C:\Windows\System32\Drivers\ShldFlt.sys => moved successfully
C:\Windows\System32\Drivers\ShlDrv51.sys => moved successfully
C:\Windows\System32\Drivers\skmscan.sys => moved successfully
C:\Windows\System32\Drivers\SLogDrv.sys => moved successfully
C:\Windows\System32\Drivers\SophosBootDriver.sys => moved successfully
C:\Windows\System32\Drivers\spiderg3.sys => moved successfully
C:\Windows\System32\Drivers\spyemrg.sys => moved successfully
C:\Windows\System32\Drivers\spyemrg_access.sys => moved successfully
C:\Windows\System32\Drivers\spyemrg_guard.sys => moved successfully
C:\Windows\System32\Drivers\ssmdrv.sys => moved successfully
C:\Windows\System32\Drivers\swi_callout.sys => moved successfully
C:\Windows\System32\Drivers\SYMEVENT.SYS => moved successfully
C:\Windows\System32\Drivers\SYMEVENT64x86.SYS => moved successfully
C:\Windows\System32\Drivers\SysPlant.sys => moved successfully
C:\Windows\System32\Drivers\tdifw.sys => moved successfully
C:\Windows\System32\Drivers\tdi_nf.sys => moved successfully
C:\Windows\System32\Drivers\Teefer.sys => moved successfully
C:\Windows\System32\Drivers\TFsFltX64.sys => moved successfully
C:\Windows\System32\Drivers\tmactmon.sys => moved successfully
C:\Windows\System32\Drivers\tmcomm.sys => moved successfully
C:\Windows\System32\Drivers\TMEBC32.sys => moved successfully
C:\Windows\System32\Drivers\TMEBC64.sys => moved successfully
C:\Windows\System32\Drivers\tmeevw.sys => moved successfully
C:\Windows\System32\Drivers\tmel.sys => moved successfully
C:\Windows\System32\Drivers\tmevtmgr.sys => moved successfully
C:\Windows\System32\Drivers\tmnciesc.sys => moved successfully
C:\Windows\System32\Drivers\tmusa.sys => moved successfully
C:\Windows\System32\Drivers\tpdevflt.sys => moved successfully
C:\Windows\System32\Drivers\tpsec.sys => moved successfully
C:\Windows\System32\Drivers\Trufos.sys => moved successfully
C:\Windows\System32\Drivers\TS4nt.sys => moved successfully
C:\Windows\System32\Drivers\v3engine.sys => moved successfully
C:\Windows\System32\Drivers\VBEngNT.sys => moved successfully
C:\Windows\System32\Drivers\vrptcomn.sys => moved successfully
C:\Windows\System32\Drivers\vsdatant.sys => moved successfully
C:\Windows\System32\Drivers\webssx.sys => moved successfully
C:\Windows\System32\Drivers\WGX64.SYS => moved successfully
C:\Windows\System32\Drivers\wnmflt.sys => moved successfully
C:\Windows\System32\Drivers\wnmflt64.sys => moved successfully
C:\Windows\System32\Drivers\WRkrn.sys => moved successfully
C:\Windows\System32\Drivers\wrUrlFlt.sys => moved successfully
C:\Windows\System32\Drivers\wsnf.sys => moved successfully
C:\Windows\System32\Drivers\wstif.sys => moved successfully
C:\Windows\System32\Drivers\znf.sys => moved successfully
C:\Program Files\.clamwin => moved successfully
C:\Program Files\360 => moved successfully
C:\Program Files\360SD => moved successfully
C:\Program Files\Acceleration Software => moved successfully
C:\Program Files\Agnitum => moved successfully
C:\Program Files\AhnLab => moved successfully
C:\Program Files\Alwil Software => moved successfully
C:\Program Files\AntiVirus => moved successfully
C:\Program Files\Arcabit => moved successfully
C:\Program Files\Avanquest => moved successfully
C:\Program Files\AVAST Software => moved successfully
C:\Program Files\Avetix => moved successfully
C:\Program Files\AVG => moved successfully
C:\Program Files\AVG Nation toolbar => moved successfully
C:\Program Files\Avira => moved successfully
C:\Program Files\Baidu Security => moved successfully
C:\Program Files\Bitdefender => moved successfully
C:\Program Files\BitGuard => moved successfully
C:\Program Files\BullGuard => moved successfully
C:\Program Files\BullGuard Ltd => moved successfully
C:\Program Files\CA => moved successfully
C:\Program Files\Cezurity => moved successfully
C:\Program Files\CheckPoint => moved successfully
C:\Program Files\ClamWin => moved successfully
C:\Program Files\COMODO => moved successfully
C:\Program Files\Comodo Downloader => moved successfully
C:\Program Files\Crystal Security => moved successfully
C:\Program Files\Doctor Web => moved successfully
C:\Program Files\DrWeb => moved successfully
C:\Program Files\DrWeb Enterprise Suite => moved successfully
C:\Program Files\eAcceleration => moved successfully
C:\Program Files\Emsisoft Anti-Malware => moved successfully
C:\Program Files\eScan => moved successfully
C:\Program Files\ESET => moved successfully
C:\Program Files\F-Secure => moved successfully
C:\Program Files\Filseclab => moved successfully
C:\Program Files\Fortego Security => moved successfully
C:\Program Files\FRISK Software => moved successfully
C:\Program Files\G Data => moved successfully
C:\Program Files\G DATA Software => moved successfully
C:\Program Files\GFI => moved successfully
C:\Program Files\HAURI => moved successfully
C:\Program Files\IKARUS => moved successfully
C:\Program Files\Immunet => moved successfully
C:\Program Files\IObit => moved successfully
C:\Program Files\Jetico => moved successfully
C:\Program Files\K7 Computing => moved successfully
C:\Program Files\Kaspersky Lab => moved successfully
C:\Program Files\Kerio => moved successfully
C:\Program Files\Lavasoft => moved successfully
C:\Program Files\Malware Defender => moved successfully
C:\Program Files\Malwarebytes => moved successfully
C:\Program Files\Malwarebytes Anti-Malware => moved successfully
C:\Program Files\Malwarebytes' Anti-Malware => moved successfully
C:\Program Files\McAfee => moved successfully
C:\Program Files\McAfee Security Scan => moved successfully
C:\Program Files\McAfee.com => moved successfully
C:\Program Files\McAfeeMOBK => moved successfully
C:\Program Files\Microsoft Security Client => FRST is scripted not to move this directory.
C:\Program Files\MicroWorld => moved successfully
C:\Program Files\mks_vir_9 => moved successfully
C:\Program Files\Moon Secure Antivirus => moved successfully
C:\Program Files\NANO Antivirus => moved successfully
C:\Program Files\nanoav => moved successfully
C:\Program Files\nanolsp => moved successfully
C:\Program Files\Norman => moved successfully
C:\Program Files\Norton 360 => moved successfully
C:\Program Files\Norton Anti-Theft => moved successfully
C:\Program Files\Norton AntiVirus => moved successfully
C:\Program Files\Norton Internet Security => moved successfully
C:\Program Files\Norton Security => moved successfully
C:\Program Files\NortonInstaller => moved successfully
C:\Program Files\Online Armor => moved successfully
C:\Program Files\OnlineArmor => moved successfully
C:\Program Files\Padvish Antivirus => moved successfully
C:\Program Files\Panda Security => moved successfully
C:\Program Files\Panda Security URL Filtering => moved successfully
C:\Program Files\pandasecuritytb => moved successfully
C:\Program Files\PC Tools Security => moved successfully
C:\Program Files\Preventon Antivirus => moved successfully
C:\Program Files\Privacyware => moved successfully
C:\Program Files\Proland => moved successfully
C:\Program Files\Proland Software => moved successfully
C:\Program Files\PSafe => moved successfully
C:\Program Files\Quick Heal => moved successfully
C:\Program Files\Rising => moved successfully
C:\Program Files\Roboscan => moved successfully
C:\Program Files\SecureAge => moved successfully
C:\Program Files\Sophos => moved successfully
C:\Program Files\Spybot - Search & Destroy => moved successfully
C:\Program Files\Spybot - Search & Destroy 2 => moved successfully
C:\Program Files\SpyShelter => moved successfully
C:\Program Files\SpyShelter Premium => moved successfully
C:\Program Files\StopSign => moved successfully
C:\Program Files\STOPzilla Optimizer => moved successfully
C:\Program Files\STOPzilla! => moved successfully
C:\Program Files\SUPERAntiSpyware => moved successfully
C:\Program Files\Symantec AntiVirus => moved successfully
C:\Program Files\Tiranium AntiVirus => moved successfully
C:\Program Files\Tizer Secure => moved successfully
C:\Program Files\Total Defense => moved successfully
C:\Program Files\TotalDefense => moved successfully
C:\Program Files\Trend Micro => moved successfully
C:\Program Files\Trend Micro Installer => moved successfully
C:\Program Files\Trojan Remover => moved successfully
C:\Program Files\TrojanHunter => moved successfully
C:\Program Files\TrojanHunter 5.1 => moved successfully
C:\Program Files\TrojanHunter 5.2 => moved successfully
C:\Program Files\TrojanHunter 5.3 => moved successfully
C:\Program Files\TrojanHunter 5.4 => moved successfully
C:\Program Files\TrojanHunter 5.5 => moved successfully
C:\Program Files\TrojanHunter 5.6 => moved successfully
C:\Program Files\TrojanHunter 5.7 => moved successfully
C:\Program Files\TrojanHunter 5.8 => moved successfully
C:\Program Files\TrojanHunter 5.9 => moved successfully
C:\Program Files\TrustPort => moved successfully
C:\Program Files\UnThreat => moved successfully
C:\Program Files\UnThreat AntiVirus => moved successfully
C:\Program Files\Vba32 => moved successfully
C:\Program Files\VIPRE => moved successfully
C:\Program Files\Webroot => moved successfully
C:\Program Files\Winalysis => moved successfully
C:\Program Files\Windows Defender => FRST is scripted not to move this directory.
C:\Program Files\WinPcap => moved successfully
C:\Program Files\WinRoute Pro => moved successfully
C:\Program Files\WRData => moved successfully
C:\Program Files\xCore Software => moved successfully
C:\Program Files\Zillya Antivirus => moved successfully
C:\Program Files\Zillya Internet Security => moved successfully
C:\Program Files (x86)\.clamwin => moved successfully
C:\Program Files (x86)\360 => moved successfully
C:\Program Files (x86)\360SD => moved successfully
C:\Program Files (x86)\Acceleration Software => moved successfully
C:\Program Files (x86)\Agnitum => moved successfully
C:\Program Files (x86)\AhnLab => moved successfully
C:\Program Files (x86)\Alwil Software => moved successfully
C:\Program Files (x86)\AntiVirus => moved successfully
C:\Program Files (x86)\Arcabit => moved successfully
C:\Program Files (x86)\Avanquest => moved successfully
C:\Program Files (x86)\AVAST Software => moved successfully
C:\Program Files (x86)\Avetix => moved successfully
C:\Program Files (x86)\AVG => moved successfully
C:\Program Files (x86)\AVG Nation toolbar => moved successfully
C:\Program Files (x86)\Avira => moved successfully
C:\Program Files (x86)\Baidu Security => moved successfully
C:\Program Files (x86)\Bitdefender => moved successfully
C:\Program Files (x86)\BitGuard => moved successfully
C:\Program Files (x86)\BullGuard => moved successfully
C:\Program Files (x86)\BullGuard Ltd => moved successfully
C:\Program Files (x86)\CA => moved successfully
C:\Program Files (x86)\Cezurity => moved successfully
C:\Program Files (x86)\CheckPoint => moved successfully
C:\Program Files (x86)\ClamWin => moved successfully
C:\Program Files (x86)\COMODO => moved successfully
C:\Program Files (x86)\Comodo Downloader => moved successfully
C:\Program Files (x86)\Crystal Security => moved successfully
C:\Program Files (x86)\Doctor Web => moved successfully
C:\Program Files (x86)\DrWeb => moved successfully
C:\Program Files (x86)\DrWeb Enterprise Suite => moved successfully
C:\Program Files (x86)\eAcceleration => moved successfully
C:\Program Files (x86)\Emsisoft Anti-Malware => moved successfully
C:\Program Files (x86)\eScan => moved successfully
C:\Program Files (x86)\ESET => moved successfully
C:\Program Files (x86)\F-Secure => moved successfully
C:\Program Files (x86)\Filseclab => moved successfully
C:\Program Files (x86)\Fortego Security => moved successfully
C:\Program Files (x86)\FRISK Software => moved successfully
C:\Program Files (x86)\G Data => moved successfully
C:\Program Files (x86)\G DATA Software => moved successfully
C:\Program Files (x86)\GFI => moved successfully
C:\Program Files (x86)\HAURI => moved successfully
C:\Program Files (x86)\IKARUS => moved successfully
C:\Program Files (x86)\Immunet => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\Program Files (x86)\Jetico => moved successfully
C:\Program Files (x86)\K7 Computing => moved successfully
C:\Program Files (x86)\Kaspersky Lab => moved successfully
C:\Program Files (x86)\Kerio => moved successfully
C:\Program Files (x86)\Lavasoft => moved successfully
C:\Program Files (x86)\Malware Defender => moved successfully
C:\Program Files (x86)\Malwarebytes => moved successfully
C:\Program Files (x86)\Malwarebytes Anti-Malware => moved successfully
C:\Program Files (x86)\Malwarebytes' Anti-Malware => moved successfully
C:\Program Files (x86)\McAfee => moved successfully
C:\Program Files (x86)\McAfee Security Scan => moved successfully
C:\Program Files (x86)\McAfee.com => moved successfully
C:\Program Files (x86)\McAfeeMOBK => moved successfully
C:\Program Files (x86)\Microsoft Security Client => moved successfully
C:\Program Files (x86)\MicroWorld => moved successfully
C:\Program Files (x86)\mks_vir_9 => moved successfully
C:\Program Files (x86)\Moon Secure Antivirus => moved successfully
C:\Program Files (x86)\NANO Antivirus => moved successfully
C:\Program Files (x86)\nanoav => moved successfully
C:\Program Files (x86)\nanolsp => moved successfully
C:\Program Files (x86)\Norman => moved successfully
C:\Program Files (x86)\Norton 360 => moved successfully
C:\Program Files (x86)\Norton Anti-Theft => moved successfully
C:\Program Files (x86)\Norton AntiVirus => moved successfully
C:\Program Files (x86)\Norton Internet Security => moved successfully
C:\Program Files (x86)\Norton Security => moved successfully
C:\Program Files (x86)\NortonInstaller => moved successfully
C:\Program Files (x86)\Online Armor => moved successfully
C:\Program Files (x86)\OnlineArmor => moved successfully
C:\Program Files (x86)\Padvish Antivirus => moved successfully
C:\Program Files (x86)\Panda Security => moved successfully
C:\Program Files (x86)\Panda Security URL Filtering => moved successfully
C:\Program Files (x86)\pandasecuritytb => moved successfully
C:\Program Files (x86)\PC Tools Security => moved successfully
C:\Program Files (x86)\Preventon Antivirus => moved successfully
C:\Program Files (x86)\Privacyware => moved successfully
C:\Program Files (x86)\Proland => moved successfully
C:\Program Files (x86)\Proland Software => moved successfully
C:\Program Files (x86)\PSafe => moved successfully
C:\Program Files (x86)\Quick Heal => moved successfully
C:\Program Files (x86)\Rising => moved successfully
C:\Program Files (x86)\Roboscan => moved successfully
C:\Program Files (x86)\SecureAge => moved successfully
C:\Program Files (x86)\Sophos => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\Program Files (x86)\SpyShelter => moved successfully
C:\Program Files (x86)\SpyShelter Premium => moved successfully
C:\Program Files (x86)\StopSign => moved successfully
C:\Program Files (x86)\STOPzilla Optimizer => moved successfully
C:\Program Files (x86)\STOPzilla! => moved successfully
C:\Program Files (x86)\SUPERAntiSpyware => moved successfully
C:\Program Files (x86)\Symantec AntiVirus => moved successfully
C:\Program Files (x86)\Tiranium AntiVirus => moved successfully
C:\Program Files (x86)\Tizer Secure => moved successfully
C:\Program Files (x86)\Total Defense => moved successfully
C:\Program Files (x86)\TotalDefense => moved successfully
C:\Program Files (x86)\Trend Micro => moved successfully
C:\Program Files (x86)\Trend Micro Installer => moved successfully
C:\Program Files (x86)\Trojan Remover => moved successfully
C:\Program Files (x86)\TrojanHunter => moved successfully
C:\Program Files (x86)\TrojanHunter 5.1 => moved successfully
C:\Program Files (x86)\TrojanHunter 5.2 => moved successfully
C:\Program Files (x86)\TrojanHunter 5.3 => moved successfully
C:\Program Files (x86)\TrojanHunter 5.4 => moved successfully
C:\Program Files (x86)\TrojanHunter 5.5 => moved successfully
C:\Program Files (x86)\TrojanHunter 5.6 => moved successfully
C:\Program Files (x86)\TrojanHunter 5.7 => moved successfully
C:\Program Files (x86)\TrojanHunter 5.8 => moved successfully
C:\Program Files (x86)\TrojanHunter 5.9 => moved successfully
C:\Program Files (x86)\TrustPort => moved successfully
C:\Program Files (x86)\UnThreat => moved successfully
C:\Program Files (x86)\UnThreat AntiVirus => moved successfully
C:\Program Files (x86)\Vba32 => moved successfully
C:\Program Files (x86)\VIPRE => moved successfully
C:\Program Files (x86)\Webroot => moved successfully
C:\Program Files (x86)\Winalysis => moved successfully
C:\Program Files (x86)\Windows Defender => moved successfully
C:\Program Files (x86)\WinPcap => moved successfully
C:\Program Files (x86)\WinRoute Pro => moved successfully
C:\Program Files (x86)\WRData => moved successfully
C:\Program Files (x86)\xCore Software => moved successfully
C:\Program Files (x86)\Zillya Antivirus => moved successfully
C:\Program Files (x86)\Zillya Internet Security => moved successfully
C:\Program Files\Common Files\AVG Secure Search => moved successfully
C:\Program Files\Common Files\Baidu => moved successfully
C:\Program Files\Common Files\Bitdefender => moved successfully
C:\Program Files\Common Files\BullGuard Ltd => moved successfully
C:\Program Files\Common Files\COMODO => moved successfully
C:\Program Files\Common Files\Doctor Web => moved successfully
C:\Program Files\Common Files\eAcceleration => moved successfully
C:\Program Files\Common Files\G Data => moved successfully
C:\Program Files\Common Files\InfoWatch => moved successfully
C:\Program Files\Common Files\McAfee => moved successfully
C:\Program Files\Common Files\MicroWorld => moved successfully
C:\Program Files\Common Files\Panda Security => moved successfully
C:\Program Files\Common Files\Symantec Shared => moved successfully
C:\Program Files\Common Files\TrustPort => moved successfully
C:\Program Files (x86)\Common Files\AVG Secure Search => moved successfully
C:\Program Files (x86)\Common Files\Baidu => moved successfully
C:\Program Files (x86)\Common Files\Bitdefender => moved successfully
C:\Program Files (x86)\Common Files\BullGuard Ltd => moved successfully
C:\Program Files (x86)\Common Files\COMODO => moved successfully
C:\Program Files (x86)\Common Files\Doctor Web => moved successfully
C:\Program Files (x86)\Common Files\eAcceleration => moved successfully
C:\Program Files (x86)\Common Files\G Data => moved successfully
C:\Program Files (x86)\Common Files\InfoWatch => moved successfully
C:\Program Files (x86)\Common Files\McAfee => moved successfully
C:\Program Files (x86)\Common Files\MicroWorld => moved successfully
C:\Program Files (x86)\Common Files\Panda Security => moved successfully
C:\Program Files (x86)\Common Files\Symantec Shared => moved successfully
C:\Program Files (x86)\Common Files\TrustPort => moved successfully
C:\Users\Administrator\AppData\Roaming\.clamwin => moved successfully
C:\Users\Administrator\AppData\Roaming\360safe => moved successfully
C:\Users\Administrator\AppData\Roaming\360SD => moved successfully
C:\Users\Administrator\AppData\Roaming\360WD => moved successfully
C:\Users\Administrator\AppData\Roaming\Avanquest => moved successfully
C:\Users\Administrator\AppData\Roaming\AVAST Software => moved successfully
C:\Users\Administrator\AppData\Roaming\Avg2014 => moved successfully
C:\Users\Administrator\AppData\Roaming\Avira => moved successfully
C:\Users\Administrator\AppData\Roaming\Baidu Security => moved successfully
C:\Users\Administrator\AppData\Roaming\Bitdefender => moved successfully
C:\Users\Administrator\AppData\Roaming\BullGuard => moved successfully
C:\Users\Administrator\AppData\Roaming\Comodo => moved successfully
C:\Users\Administrator\AppData\Roaming\Crystal Security => moved successfully
C:\Users\Administrator\AppData\Roaming\eAcceleration => moved successfully
C:\Users\Administrator\AppData\Roaming\ESET => moved successfully
C:\Users\Administrator\AppData\Roaming\housecall.guid.cache => moved successfully
C:\Users\Administrator\AppData\Roaming\IObit => moved successfully
C:\Users\Administrator\AppData\Roaming\IObit Apps => moved successfully
C:\Users\Administrator\AppData\Roaming\K7 Computing => moved successfully
C:\Users\Administrator\AppData\Roaming\Lavasoft => moved successfully
C:\Users\Administrator\AppData\Roaming\LavasoftStatistics => moved successfully
Could not move "C:\Users\Administrator\AppData\Roaming\Malwarebytes" => Scheduled to move on reboot.
C:\Users\Administrator\AppData\Roaming\McAfee => moved successfully
C:\Users\Administrator\AppData\Roaming\McAfee File Lock => moved successfully
C:\Users\Administrator\AppData\Roaming\MicroWorld => moved successfully
C:\Users\Administrator\AppData\Roaming\nanoav => moved successfully
C:\Users\Administrator\AppData\Roaming\OnlineArmor => moved successfully
C:\Users\Administrator\AppData\Roaming\Panda Security => moved successfully
C:\Users\Administrator\AppData\Roaming\panda4_1dn => moved successfully
C:\Users\Administrator\AppData\Roaming\SpyShelter => moved successfully
C:\Users\Administrator\AppData\Roaming\Trend Micro => moved successfully
C:\Users\Administrator\AppData\Roaming\VIPRE => moved successfully
C:\Users\Administrator\AppData\Local\.clamwin => moved successfully
C:\Users\Administrator\AppData\Local\360safe => moved successfully
C:\Users\Administrator\AppData\Local\360SD => moved successfully
C:\Users\Administrator\AppData\Local\360WD => moved successfully
C:\Users\Administrator\AppData\Local\Avanquest => moved successfully
C:\Users\Administrator\AppData\Local\AVAST Software => moved successfully
C:\Users\Administrator\AppData\Local\Avg2014 => moved successfully
C:\Users\Administrator\AppData\Local\Avira => moved successfully
C:\Users\Administrator\AppData\Local\Baidu Security => moved successfully
C:\Users\Administrator\AppData\Local\Bitdefender => moved successfully
C:\Users\Administrator\AppData\Local\BullGuard => moved successfully
C:\Users\Administrator\AppData\Local\Comodo => moved successfully
C:\Users\Administrator\AppData\Local\Crystal Security => moved successfully
C:\Users\Administrator\AppData\Local\eAcceleration => moved successfully
C:\Users\Administrator\AppData\Local\ESET => moved successfully
C:\Users\Administrator\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Administrator\AppData\Local\IObit => moved successfully
C:\Users\Administrator\AppData\Local\IObit Apps => moved successfully
C:\Users\Administrator\AppData\Local\K7 Computing => moved successfully
C:\Users\Administrator\AppData\Local\Lavasoft => moved successfully
C:\Users\Administrator\AppData\Local\LavasoftStatistics => moved successfully
C:\Users\Administrator\AppData\Local\Malwarebytes => moved successfully
C:\Users\Administrator\AppData\Local\McAfee => moved successfully
C:\Users\Administrator\AppData\Local\McAfee File Lock => moved successfully
C:\Users\Administrator\AppData\Local\MicroWorld => moved successfully
C:\Users\Administrator\AppData\Local\nanoav => moved successfully
C:\Users\Administrator\AppData\Local\OnlineArmor => moved successfully
C:\Users\Administrator\AppData\Local\Panda Security => moved successfully
C:\Users\Administrator\AppData\Local\panda4_1dn => moved successfully
C:\Users\Administrator\AppData\Local\SpyShelter => moved successfully
C:\Users\Administrator\AppData\Local\Trend Micro => moved successfully
C:\Users\Administrator\AppData\Local\VIPRE => moved successfully
C:\ProgramData\.clamwin => moved successfully
C:\ProgramData\360 => moved successfully
C:\ProgramData\360SD => moved successfully
C:\ProgramData\Acceleration Software => moved successfully
C:\ProgramData\Agnitum => moved successfully
C:\ProgramData\AhnLab => moved successfully
C:\ProgramData\Alwil Software => moved successfully
C:\ProgramData\AntiVirus => moved successfully
C:\ProgramData\Arcabit => moved successfully
C:\ProgramData\Avanquest => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\ProgramData\Avetix => moved successfully
C:\ProgramData\AVG => moved successfully
C:\ProgramData\AVG Nation toolbar => moved successfully
C:\ProgramData\Avira => moved successfully
C:\ProgramData\Baidu Security => moved successfully
C:\ProgramData\Bitdefender => moved successfully
C:\ProgramData\BitGuard => moved successfully
C:\ProgramData\BullGuard => moved successfully
C:\ProgramData\BullGuard Ltd => moved successfully
C:\ProgramData\CA => moved successfully
C:\ProgramData\Cezurity => moved successfully
C:\ProgramData\CheckPoint => moved successfully
C:\ProgramData\ClamWin => moved successfully
C:\ProgramData\COMODO => moved successfully
C:\ProgramData\Comodo Downloader => moved successfully
C:\ProgramData\Crystal Security => moved successfully
C:\ProgramData\Doctor Web => moved successfully
C:\ProgramData\DrWeb => moved successfully
C:\ProgramData\DrWeb Enterprise Suite => moved successfully
C:\ProgramData\eAcceleration => moved successfully
C:\ProgramData\Emsisoft Anti-Malware => moved successfully
C:\ProgramData\eScan => moved successfully
C:\ProgramData\ESET => moved successfully
C:\ProgramData\F-Secure => moved successfully
C:\ProgramData\Filseclab => moved successfully
C:\ProgramData\Fortego Security => moved successfully
C:\ProgramData\FRISK Software => moved successfully
C:\ProgramData\G Data => moved successfully
C:\ProgramData\G DATA Software => moved successfully
C:\ProgramData\GFI => moved successfully
C:\ProgramData\HAURI => moved successfully
C:\ProgramData\IKARUS => moved successfully
C:\ProgramData\Immunet => moved successfully
C:\ProgramData\IObit => moved successfully
C:\ProgramData\Jetico => moved successfully
C:\ProgramData\K7 Computing => moved successfully
C:\ProgramData\Kaspersky Lab => moved successfully
C:\ProgramData\Kerio => moved successfully
C:\ProgramData\Lavasoft => moved successfully
C:\ProgramData\Malware Defender => moved successfully
C:\ProgramData\Malwarebytes Anti-Malware => moved successfully
C:\ProgramData\Malwarebytes' Anti-Malware => moved successfully
C:\ProgramData\McAfee => moved successfully
C:\ProgramData\McAfee Security Scan => moved successfully
C:\ProgramData\McAfee.com => moved successfully
C:\ProgramData\McAfeeMOBK => moved successfully
C:\ProgramData\Microsoft Security Client => moved successfully
C:\ProgramData\MicroWorld => moved successfully
C:\ProgramData\mks_vir_9 => moved successfully
C:\ProgramData\Moon Secure Antivirus => moved successfully
C:\ProgramData\NANO Antivirus => moved successfully
C:\ProgramData\nanoav => moved successfully
C:\ProgramData\nanolsp => moved successfully
C:\ProgramData\Norman => moved successfully
C:\ProgramData\Norton 360 => moved successfully
C:\ProgramData\Norton Anti-Theft => moved successfully
C:\ProgramData\Norton AntiVirus => moved successfully
C:\ProgramData\Norton Internet Security => moved successfully
C:\ProgramData\Norton Security => moved successfully
C:\ProgramData\NortonInstaller => moved successfully
C:\ProgramData\Online Armor => moved successfully
C:\ProgramData\OnlineArmor => moved successfully
C:\ProgramData\Padvish Antivirus => moved successfully
C:\ProgramData\Panda Security => moved successfully
C:\ProgramData\Panda Security URL Filtering => moved successfully
C:\ProgramData\pandasecuritytb => moved successfully
C:\ProgramData\PC Tools Security => moved successfully
C:\ProgramData\Preventon Antivirus => moved successfully
C:\ProgramData\Privacyware => moved successfully
C:\ProgramData\Proland => moved successfully
C:\ProgramData\Proland Software => moved successfully
C:\ProgramData\PSafe => moved successfully
C:\ProgramData\Quick Heal => moved successfully
C:\ProgramData\Rising => moved successfully
C:\ProgramData\Roboscan => moved successfully
C:\ProgramData\SecureAge => moved successfully
C:\ProgramData\Sophos => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\ProgramData\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\SpyShelter => moved successfully
C:\ProgramData\SpyShelter Premium => moved successfully
C:\ProgramData\StopSign => moved successfully
C:\ProgramData\STOPzilla Optimizer => moved successfully
C:\ProgramData\STOPzilla! => moved successfully
C:\ProgramData\SUPERAntiSpyware => moved successfully
C:\ProgramData\Symantec AntiVirus => moved successfully
C:\ProgramData\Tiranium AntiVirus => moved successfully
C:\ProgramData\Tizer Secure => moved successfully
C:\ProgramData\Total Defense => moved successfully
C:\ProgramData\TotalDefense => moved successfully
C:\ProgramData\Trend Micro => moved successfully
C:\ProgramData\Trend Micro Installer => moved successfully
C:\ProgramData\Trojan Remover => moved successfully
C:\ProgramData\TrojanHunter => moved successfully
C:\ProgramData\TrojanHunter 5.1 => moved successfully
C:\ProgramData\TrojanHunter 5.2 => moved successfully
C:\ProgramData\TrojanHunter 5.3 => moved successfully
C:\ProgramData\TrojanHunter 5.4 => moved successfully
C:\ProgramData\TrojanHunter 5.5 => moved successfully
C:\ProgramData\TrojanHunter 5.6 => moved successfully
C:\ProgramData\TrojanHunter 5.7 => moved successfully
C:\ProgramData\TrojanHunter 5.8 => moved successfully
C:\ProgramData\TrojanHunter 5.9 => moved successfully
C:\ProgramData\TrustPort => moved successfully
C:\ProgramData\UnThreat => moved successfully
C:\ProgramData\UnThreat AntiVirus => moved successfully
C:\ProgramData\Vba32 => moved successfully
C:\ProgramData\VIPRE => moved successfully
C:\ProgramData\Webroot => moved successfully
C:\ProgramData\Winalysis => moved successfully
C:\ProgramData\Windows Defender => moved successfully
C:\ProgramData\WinPcap => moved successfully
C:\ProgramData\WinRoute Pro => moved successfully
C:\ProgramData\WRData => moved successfully
C:\ProgramData\xCore Software => moved successfully
C:\ProgramData\Zillya Antivirus => moved successfully
C:\ProgramData\Zillya Internet Security => moved successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-25 22:55:24)
 
"C:\Users\Administrator\AppData\Roaming\Malwarebytes" => Could not move
 
==== End of Fixlog 22:55:24 ====
 
The computer seems fine. But when the computer restarts, the virus re-installs again.
I have launched a software called Process Monitor to find the software modifying the registry and creating the files.
I have attached my findings. It seems that the process "smss.exe" is creating another file in "C:\windows\temp:1".
The new file is then modifying the registry and creating some other files, e.g. "C:\Windows\rdpinst".
 

Attached Files
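The FRST logs in this thread report the registry changes described above as `IFEO\<image>: [Debugger] <value>` lines. The following Python triage of such lines is an added example, not part of the original posts and not FRST's own code; the function names, the `KNOWN_DEBUGGERS` allowlist, the clustering threshold and the sample log (constructed in the format the thread shows) are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Registry location that FRST abbreviates as "IFEO".
IFEO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"

# FRST line format, e.g.: IFEO\procexp.exe: [Debugger] msiexec.exe
IFEO_LINE = re.compile(
    r"^IFEO\\(?P<image>[^:]+):\s*\[Debugger\]\s*(?P<debugger>.+?)\s*$",
    re.IGNORECASE,
)

# Assumption: a short allowlist of real debuggers; extend it for your environment.
KNOWN_DEBUGGERS = {"windbg.exe", "cdb.exe", "ntsd.exe", "vsjitdebugger.exe"}


def debugger_binary(value):
    """Return the lower-cased file name of the program a Debugger value launches."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        first = value[1:end] if end != -1 else value[1:]
    else:
        # Unquoted values may contain spaces in the path; cut after the first ".exe".
        m = re.match(r"(.+?\.exe)\b", value, re.IGNORECASE)
        first = m.group(1) if m else value.split()[0]
    return ntpath.basename(first).lower()


def parse_ifeo(lines):
    """Yield (image, raw debugger value, debugger binary) for every IFEO line."""
    for line in lines:
        m = IFEO_LINE.match(line.strip())
        if m:
            raw = m.group("debugger")
            yield m.group("image"), raw, debugger_binary(raw)


def triage(lines, cluster_threshold=3):
    """Return IFEO entries an analyst should review, with the reasons.

    An entry is reported when its Debugger is not a known debugger, and/or
    when the same Debugger is set for many unrelated images (the pattern in
    this thread, where dozens of security tools all point at msiexec.exe).
    """
    entries = list(parse_ifeo(lines))
    images_by_binary = defaultdict(set)
    for image, _raw, binary in entries:
        images_by_binary[binary].add(image.lower())

    findings = []
    for image, raw, binary in entries:
        reasons = []
        if binary not in KNOWN_DEBUGGERS:
            reasons.append("debugger %r is not a known debugger" % binary)
        shared = len(images_by_binary[binary])
        if shared >= cluster_threshold:
            reasons.append("same debugger set for %d images" % shared)
        if reasons:
            findings.append({
                "image": image,
                "debugger": raw,
                "binary": binary,
                "key": IFEO_KEY + "\\" + image,  # key to inspect with reg query
                "reasons": reasons,
            })
    return sorted(findings, key=lambda f: f["image"].lower())


# Constructed sample in FRST's log format (not copied from a real machine).
SAMPLE_LOG = r"""
HKLM\...\Run: [Example] => C:\Program Files\Example\example.exe
IFEO\autoruns.exe: [Debugger] msiexec.exe
IFEO\procexp.exe: [Debugger] msiexec.exe
IFEO\FRST64.exe: [Debugger] msiexec.exe
IFEO\cureit.exe: [Debugger] msiexec.exe
IFEO\myservice.exe: [Debugger] "C:\Debuggers\windbg.exe" -g
GroupPolicyScripts: Restriction
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f["key"])
        for reason in f["reasons"]:
            print("    -", reason)
```

Findings are candidates for review rather than verdicts: a single non-debugger value can be legitimate, while one value repeated across many security and diagnostic tools is the pattern worth escalating.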



#12 Oh My!


Posted 28 January 2016 - 10:26 AM

Hi Kevin,

It looks like that file may not have been removed previously. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CloseProcesses:
C:\windows\temp:1
Reg: reg query "HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems"
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Rerun FRST, including Addition.txt

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FRST and Addition reports

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 virtuoso


Posted 28 January 2016 - 02:44 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by administrator (2016-01-28 22:24:03) Run:12
Running from C:\Users\Administrator\Desktop
Loaded Profiles: wing & administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer (Available Profiles: wing & polly & updater & ta.operator & administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER & Classic .NET AppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
C:\windows\temp:1
Reg: reg query "HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems"
*****************
 
Processes closed successfully.
Could not move "C:\windows\temp:1" => Scheduled to move on reboot.
 
========= reg query "HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems" =========
 
 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems
    Debug    REG_EXPAND_SZ    
    (Default)    REG_SZ    mnmsrvc
    Kmode    REG_EXPAND_SZ    \SystemRoot\System32\win32k.sys
    Optional    REG_MULTI_SZ    Posix
    Posix    REG_EXPAND_SZ    %SystemRoot%\system32\psxss.exe
    Required    REG_MULTI_SZ    Debug\0Windows
    Windows    REG_EXPAND_SZ    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
 
 
========= End of Reg: =========
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-28 22:30:52)
 
"C:\windows\temp:1" => Could not move
 
==== End of Fixlog 22:30:52 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by administrator (administrator) on MEA-HV1 (28-01-2016 22:33:50)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer (Available Profiles: wing & polly & updater & ta.operator & administrator & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER & Classic .NET AppPool)
Platform: Windows Server 2008 R2 Standard Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe
(Hewlett-Packard Company) C:\Program Files\HP\Cissesrv\cissesrv.exe
(Hewlett-Packard Company) C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
(Microsoft Corporation) C:\Windows\System32\dfsrs.exe
(Microsoft Corporation) C:\Windows\System32\dns.exe
(Hewlett-Packard Company) C:\Program Files\HPWBEM\Storage\Service\hpwmistor.exe
(Microsoft Corporation) C:\Windows\System32\ismserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\smhstart.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Hewlett-Packard Company) C:\Windows\System32\CpqMgmt\cqmgserv\cqmgserv.exe
(Microsoft Corporation) C:\Windows\System32\dfssvc.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\hpsmhd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Hewlett-Packard Company) C:\hp\hpsmh\bin\rotatelogs.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Hewlett-Packard Company) C:\Program Files\HP\NCU\cpqteam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Company) C:\Program Files\HPWBEM\Tools\HPWbemDump.exe
(Microsoft Corporation) C:\Windows\System32\iashost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Administrator\Desktop\FRST649.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CPQTEAM] => C:\Program Files\HP\NCU\cpqteam.exe [73728 2011-02-01] (Hewlett-Packard Company)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKU\S-1-5-21-2966851551-1307263621-31438361-500\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
IFEO\Adaware_Installer.exe: [Debugger] msiexec.exe
IFEO\autoruns.exe: [Debugger] msiexec.exe
IFEO\autorunsc.exe: [Debugger] msiexec.exe
IFEO\avast_free_antivirus_setup_online.exe: [Debugger] msiexec.exe
IFEO\avast_internet_security_setup.exe: [Debugger] msiexec.exe
IFEO\avast_internet_security_setup_online.exe: [Debugger] msiexec.exe
IFEO\avast_premier_antivirus_setup_online.exe: [Debugger] msiexec.exe
IFEO\AvetixSetup.exe: [Debugger] msiexec.exe
IFEO\avira_family_protection_suite_ru.exe: [Debugger] msiexec.exe
IFEO\avira_ultimate_protection_suite_ru.exe: [Debugger] msiexec.exe
IFEO\BavPro_Setup_Mini_GL.exe: [Debugger] msiexec.exe
IFEO\bitdefender_tsecurity.exe: [Debugger] msiexec.exe
IFEO\BullGuardDownloaderBPP.exe: [Debugger] msiexec.exe
IFEO\cispremium_installer.exe: [Debugger] msiexec.exe
IFEO\ClamAVSetup.exe: [Debugger] msiexec.exe
IFEO\cureit.exe: [Debugger] msiexec.exe
IFEO\drweb-900-win-space.exe: [Debugger] msiexec.exe
IFEO\drweb-900-win.exe: [Debugger] msiexec.exe
IFEO\EmsisoftEmergencyKit.exe: [Debugger] msiexec.exe
IFEO\EmsisoftInternetSecuritySetup.exe: [Debugger] msiexec.exe
IFEO\ess_trial32_rus.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstaller.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstallerUpg.exe: [Debugger] msiexec.exe
IFEO\F-SecureNetworkInstaller_IS-ESTORE-TRIAL-GLOBAL_.exe: [Debugger] msiexec.exe
IFEO\FRST.exe: [Debugger] msiexec.exe
IFEO\FRST64.exe: [Debugger] msiexec.exe
IFEO\HousecallLauncher.exe: [Debugger] msiexec.exe
IFEO\K7UltimateSecurity_installer.exe: [Debugger] msiexec.exe
IFEO\McAfeeSetup.exe: [Debugger] msiexec.exe
IFEO\md_setup_en.exe: [Debugger] msiexec.exe
IFEO\OnlineArmorSetup.exe: [Debugger] msiexec.exe
IFEO\OutpostSecuritySuiteProInstall.exe: [Debugger] msiexec.exe
IFEO\OutpostSecuritySuiteProInstall_x64.exe: [Debugger] msiexec.exe
IFEO\PadvishAntivirusFree.exe: [Debugger] msiexec.exe
IFEO\PandaCloudAntivirus.exe: [Debugger] msiexec.exe
IFEO\ProcessHacker.exe: [Debugger] msiexec.exe
IFEO\procexp.exe: [Debugger] msiexec.exe
IFEO\PSafeAntivirusSetup.exe: [Debugger] msiexec.exe
IFEO\PSafeTotalSetup.exe: [Debugger] msiexec.exe
IFEO\QHTSFT64.EXE: [Debugger] msiexec.exe
IFEO\registry-life-setup.exe: [Debugger] msiexec.exe
IFEO\Roboscan_IS_Free_x64.exe: [Debugger] msiexec.exe
IFEO\SandboxieInstall.exe: [Debugger] msiexec.exe
IFEO\SecurityScan_Release.exe: [Debugger] msiexec.exe
IFEO\setup-vipre-internet-security-en-us-trial.exe: [Debugger] msiexec.exe
IFEO\SoftonicDownloader_for_panda-antivirus-pro.exe: [Debugger] msiexec.exe
IFEO\SpyShelter.exe: [Debugger] msiexec.exe
IFEO\stop-sign_install.exe: [Debugger] msiexec.exe
IFEO\Tiranium_antivirus_setup.exe: [Debugger] msiexec.exe
IFEO\TrojanHunterSetup.exe: [Debugger] msiexec.exe
IFEO\twister8_setup.exe: [Debugger] msiexec.exe
IFEO\UnThreatProSetup.exe: [Debugger] msiexec.exe
IFEO\Vba32.Vista.exe: [Debugger] msiexec.exe
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{87C50C27-9EC5-4670-81EA-E106C93FA55A}: [NameServer] 8.8.8.8,196.46.104.2
Tcpip\..\Interfaces\{A3F590B9-EB91-4C80-BC14-3EF5A9A59D51}: [NameServer] 8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2966851551-1307263621-31438361-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2966851551-1307263621-31438361-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2966851551-1307263621-31438361-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-13] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\f6hnh96x.default-1415178779253
FF NetworkProxy: "type", 0
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: NetDvr_Plugins -> C:\Program Files (x86)\NetDvr\Plugins\npDvr.dll [2012-03-07] (DVR)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ADWS; C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe [487424 2013-01-25] (Microsoft Corporation)
R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe [1994096 2012-01-23] (Symantec Corporation)
R2 bedbg; C:\Program Files\Symantec\Backup Exec\RAWS\bedbg.exe [353648 2012-01-12] (Symantec Corporation)
S2 BitplusService; C:\Bitplus\CommMaster\WinService.exe [139264 2012-01-06] (Bitplus Solution Ltd) [File not signed]
S4 CIMnotify; C:\Windows\system32\CIMntfy\cimntfy.exe [269152 2011-03-09] (Hewlett-Packard Company)
R2 Cissesrv; C:\Program Files\HP\Cissesrv\cissesrv.exe [174592 2011-03-08] (Hewlett-Packard Company) [File not signed]
R2 CpqRcmc3; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [274024 2010-11-19] (Hewlett-Packard Company)
R2 cpqvcagent; C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe [1356288 2011-02-18] (Hewlett-Packard Company) [File not signed]
S2 CqMgHost; C:\Windows\system32\CpqMgmt\cqmghost\cqmghost.exe [16224 2011-03-09] (Hewlett-Packard Company)
R2 CqMgServ; C:\Windows\system32\CpqMgmt\cqmgserv\cqmgserv.exe [15976 2011-02-03] (Hewlett-Packard Company)
R2 Dfs; C:\Windows\system32\dfssvc.exe [377344 2010-11-21] (Microsoft Corporation)
R2 DFSR; C:\Windows\system32\DFSRs.exe [4518400 2010-11-21] (Microsoft Corporation)
R2 DNS; C:\Windows\system32\dns.exe [696832 2011-12-26] (Microsoft Corporation)
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-14] (Microsoft Corporation)
R2 HPWMISTOR; C:\Program Files\HPWBEM\Storage\Service\HPWMISTOR.exe [20992 2011-01-06] (Hewlett-Packard Company) [File not signed]
R2 IsmServ; C:\Windows\System32\ismserv.exe [59392 2010-11-21] (Microsoft Corporation)
R2 kdc; C:\Windows\System32\lsass.exe [31232 2015-05-25] (Microsoft Corporation)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218040 2012-06-12] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538744 2012-06-12] (Microsoft Corporation)
R2 NTDS; C:\Windows\System32\lsass.exe [31232 2015-05-25] (Microsoft Corporation)
S4 NtFrs; C:\Windows\system32\ntfrs.exe [1020416 2010-11-21] (Microsoft Corporation)
S3 PDVFSService; C:\Program Files\Symantec\Backup Exec\RAWS\PDVFSService.exe [301720 2012-03-30] ()
R2 ProLiantMonitor; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [274024 2010-11-19] (Hewlett-Packard Company)
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348472 2012-06-12] (Microsoft Corporation)
S3 rqs; C:\Windows\system32\rqs.exe [41472 2010-11-21] (Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-14] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-14] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)
S3 SQL Server Distributed Replay Client; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayClient\DReplayClient.exe [137304 2012-02-11] (Microsoft Corporation)
S3 SQL Server Distributed Replay Controller; C:\Program Files (x86)\Microsoft SQL Server\110\Tools\DReplayController\DReplayController.exe [342104 2012-02-11] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation)
R2 sysdown; C:\Program Files\Hewlett-Packard\iLO 3\service\ProLiantMonitor.exe [274024 2010-11-19] (Hewlett-Packard Company)
R2 SysMgmtHp; C:\hp\hpsmh\bin\smhstart.exe [2065408 2011-01-28] (Hewlett-Packard Company) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S4 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [2210816 2009-06-24] (ATI Technologies Inc.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-07] (Kaspersky Lab UK Ltd)
S3 CPQTeam; C:\Windows\System32\DRIVERS\cpqteam.sys [225792 2011-01-26] (Hewlett-Packard Company)
R1 DfsDriver; C:\Windows\System32\drivers\dfs.sys [51776 2009-07-14] (Microsoft Corporation)
R0 DfsrRo; C:\Windows\System32\drivers\dfsrro.sys [66944 2010-11-21] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 HpCISSs2; C:\Windows\System32\DRIVERS\HpCISSs2.sys [157288 2010-08-10] (Hewlett-Packard Company)
R3 hpqilo3chif; C:\Windows\System32\DRIVERS\hpqilo3chif.sys [43112 2010-04-28] (Hewlett-Packard Company)
R3 hpqilo3core; C:\Windows\System32\DRIVERS\hpqilo3core.sys [44136 2010-07-29] (Hewlett-Packard Company)
R0 hpqilo3whea; C:\Windows\System32\DRIVERS\hpqilo3whea.sys [18472 2010-02-12] (Hewlett-Packard Company)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R3 l2nd; C:\Windows\System32\DRIVERS\bxnd60a.sys [103464 2011-02-22] (Broadcom Corporation)
U5 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 PDVFSDriver; C:\Windows\System32\drivers\pdfsd.sys [79480 2012-03-30] (Symantec Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-14] (Microsoft Corporation)
R3 VirtFile; C:\Windows\System32\DRIVERS\VirtFile.sys [114296 2011-10-25] (Symantec Corporation)
U4 dmwappushsvc; no ImagePath
U4 WinDefend; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-28 22:30 - 2016-01-28 22:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\1
2016-01-27 21:56 - 2016-01-27 21:56 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MEA-HV1-Windows-Server-2008-R2-Standard-(64-bit).dat
2016-01-27 21:56 - 2016-01-27 21:56 - 00000000 ____D C:\RegBackup
2016-01-27 21:35 - 2016-01-27 21:35 - 00016384 _____ C:\Users\Administrator\AppData\Local\Temp\~DF3D746C0B96DDEEF4.TMP
2016-01-27 16:17 - 2016-01-27 16:19 - 00360448 _____ C:\Users\Administrator\AppData\Local\Temp\~DF800EE568A07268A5.TMP
2016-01-27 08:34 - 2016-01-27 08:34 - 00000000 ____D C:\Users\Administrator\Desktop\tweaking.com_windows_repair_aio
2016-01-27 04:29 - 2016-01-27 04:29 - 00142289 _____ C:\Users\wing\Documents\JO-1.xls
2016-01-26 23:23 - 2016-01-26 23:23 - 00000000 ____D C:\Users\Administrator\Desktop\npt_x86_x64_enu_(20150512)
2016-01-26 23:10 - 2016-01-27 22:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\WUDiagTempFolder
2016-01-26 22:02 - 2016-01-12 09:52 - 00672783 _____ C:\Users\Administrator\Desktop\npt_x86_x64_enu_(20150512).zip
2016-01-26 20:51 - 2016-01-26 20:51 - 00000000 ____D C:\Windows\CheckSur
2016-01-26 13:20 - 2016-01-26 13:20 - 00037314 _____ C:\Users\wing\Documents\MO-06034-JO.xls
2016-01-26 06:01 - 2016-01-28 08:20 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\eset
2016-01-26 01:01 - 2016-01-26 01:01 - 00002865 _____ C:\Users\Administrator\Desktop\FSS.txt
2016-01-26 00:41 - 2016-01-27 01:33 - 00000000 ____D C:\Users\Administrator\SecurityScans
2016-01-26 00:41 - 2016-01-26 00:41 - 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.3.lnk
2016-01-26 00:41 - 2016-01-26 00:41 - 00001041 _____ C:\Users\Public\Desktop\Microsoft Baseline Security Analyzer 2.3.lnk
2016-01-26 00:41 - 2016-01-26 00:41 - 00000000 ____D C:\Program Files\Microsoft Baseline Security Analyzer 2
2016-01-26 00:40 - 2016-01-26 00:40 - 01818624 _____ C:\Users\Administrator\Desktop\MBSASetup-x64-EN.msi
2016-01-26 00:38 - 2016-01-28 22:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-26 00:37 - 2016-01-26 23:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-26 00:37 - 2016-01-26 00:37 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-26 00:37 - 2016-01-26 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-26 00:37 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-26 00:37 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-26 00:37 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-26 00:36 - 2016-01-26 00:36 - 00000115 _____ C:\Users\Administrator\Desktop\reg.txt
2016-01-26 00:34 - 2016-01-27 22:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\ResetBitsTempFolder
2016-01-26 00:33 - 2016-01-26 23:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\msdtadmin
2016-01-26 00:28 - 2016-01-28 22:30 - 00001809 _____ C:\Users\Administrator\Desktop\Fixlog.txt
2016-01-26 00:20 - 2016-01-28 22:34 - 00018548 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-01-26 00:11 - 2016-01-26 00:12 - 00000000 ____D C:\Users\Administrator\Desktop\New folder
2016-01-26 00:08 - 2016-01-26 00:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp\TeamViewer
2016-01-25 23:46 - 2016-01-25 23:51 - 00188002 _____ C:\TDSSKiller.3.1.0.9_25.01.2016_23.46.22_log.txt
2016-01-25 23:28 - 2016-01-25 23:22 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Desktop\tdsskiller.exe
2016-01-25 23:07 - 2016-01-25 23:07 - 00000010 _____ C:\Windows\WININIT.INI
2016-01-25 22:59 - 2016-01-25 22:59 - 00000000 __SHD C:\Users\Administrator\AppData\Roaming\jMYkWQPE9fo
2016-01-25 22:25 - 2016-01-25 22:25 - 00041882 _____ C:\Temp Dlls.rar
2016-01-25 22:08 - 2016-01-25 22:08 - 00000000 ____D C:\Users\Administrator\Desktop\GrantPerms64
2016-01-25 21:06 - 2016-01-25 19:49 - 00628779 _____ C:\Users\Administrator\Desktop\GrantPerms64.zip
2016-01-20 09:11 - 2016-01-28 09:27 - 00000498 __RSH C:\Users\wing\ntuser.pol
2016-01-20 09:11 - 2016-01-20 09:11 - 00000000 ____D C:\Users\wing\AppData\Roaming\AVG
2016-01-18 12:47 - 2016-01-18 13:04 - 52988120 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Windows-KB890830-x64-V5.32.exe
2016-01-18 09:29 - 2016-01-18 09:29 - 00000000 ____D C:\Users\ta.operator\AppData\Roaming\AVG
2016-01-17 23:36 - 2016-01-17 23:37 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrator\Downloads\HijackThis1.exe
2016-01-17 23:25 - 2016-01-17 23:25 - 00003078 __RSH C:\ProgramData\ntuser.pol
2016-01-17 21:42 - 2016-01-17 23:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\666A05D6.sys
2016-01-17 19:27 - 2016-01-17 19:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\63DE1EBE.sys
2016-01-17 14:49 - 2016-01-17 14:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG
2016-01-17 14:46 - 2016-01-21 20:27 - 00000000 ____D C:\ProgramData\MFAData
2016-01-17 08:02 - 2016-01-26 20:58 - 00000000 ____D C:\Users\Administrator\Desktop\processmonitor
2016-01-17 08:00 - 2016-01-17 07:54 - 00967601 _____ C:\Users\Administrator\Desktop\processmonitor.zip
2016-01-17 00:57 - 2016-01-17 00:57 - 00000000 ____D C:\Windows\pss
2016-01-16 14:17 - 2016-01-17 01:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\024962E9.sys
2016-01-16 00:09 - 2016-01-26 06:05 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-16 00:09 - 2016-01-16 00:24 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-16 00:09 - 2016-01-16 00:09 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-01-16 00:09 - 2016-01-16 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-01-16 00:09 - 2016-01-16 00:09 - 00000000 ____D C:\Program Files\RogueKiller
2016-01-16 00:02 - 2016-01-16 00:08 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-16 00:02 - 2016-01-16 00:02 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-15 23:38 - 2016-01-15 23:38 - 00000987 _____ C:\Users\Administrator\Desktop\Install Kaspersky Small Office Security version 15.0.2.361.lnk
2016-01-15 23:37 - 2016-01-15 23:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-01-15 23:33 - 2016-01-28 22:33 - 00006156 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-01-15 23:33 - 2016-01-28 22:32 - 00000000 ____D C:\Users\Administrator\Desktop\rkill
2016-01-15 23:08 - 2016-01-15 23:10 - 00000000 ____D C:\Users\Administrator\Desktop\archive
2016-01-15 13:25 - 2016-01-15 13:25 - 00302011 _____ C:\Users\Administrator\Desktop\WindowsUpdateDiagnostic.diagcab
2016-01-14 15:45 - 2016-01-14 15:45 - 00000000 ____D C:\KVRT_Data
2016-01-13 11:11 - 2016-01-13 11:13 - 01603184 _____ (Kaspersky Lab) C:\Users\Administrator\Downloads\ksos15.0.2.361en_8257.exe
2016-01-13 09:39 - 2016-01-13 09:39 - 00002796 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-01-13 09:39 - 2016-01-13 09:39 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-13 09:39 - 2016-01-13 09:39 - 00000000 ____D C:\Program Files\CCleaner
2016-01-13 09:21 - 2016-01-13 09:36 - 06805440 _____ (Piriform Ltd) C:\Users\Administrator\Downloads\ccsetup513.exe
2016-01-13 09:04 - 2016-01-26 11:58 - 00000498 __RSH C:\Users\ta.operator\ntuser.pol
2016-01-13 09:04 - 2016-01-26 11:58 - 00000000 ____D C:\Users\ta.operator
2016-01-13 09:04 - 2016-01-23 00:33 - 00000000 ____D C:\Users\ta.operator\AppData\Local\Temp\TeamViewer
2016-01-13 09:04 - 2016-01-13 09:04 - 00001373 _____ C:\Users\ta.operator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-13 09:04 - 2016-01-13 09:04 - 00000020 ___SH C:\Users\ta.operator\ntuser.ini
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\My Documents
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\Documents\My Videos
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\Documents\My Pictures
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 _SHDL C:\Users\ta.operator\Documents\My Music
2016-01-13 09:04 - 2016-01-13 09:04 - 00000000 ____D C:\Users\ta.operator\AppData\Roaming\Adobe
2016-01-13 09:04 - 2015-08-26 14:43 - 00001140 _____ C:\Users\ta.operator\Desktop\TA Master.exe - Shortcut.lnk
2016-01-13 09:04 - 2013-12-05 17:03 - 00002709 _____ C:\Users\ta.operator\Desktop\CommMaster.exe.lnk
2016-01-13 09:04 - 2013-12-05 16:44 - 00001126 _____ C:\Users\ta.operator\Desktop\PayMaster TZ - Shortcut.lnk
2016-01-13 01:03 - 2016-01-28 22:33 - 00000000 ____D C:\FRST
2016-01-13 00:46 - 2016-01-12 23:23 - 02370560 _____ (Farbar) C:\Users\Administrator\Desktop\FRST649.exe
2016-01-13 00:27 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\is-QTA0N.tmp
2016-01-12 23:58 - 2016-01-12 23:59 - 05200384 _____ (AVAST Software) C:\Users\Administrator\Downloads\aswmbr.exe
2016-01-12 23:49 - 2016-01-12 23:58 - 00975760 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.49.31_log.txt
2016-01-12 23:44 - 2016-01-12 23:47 - 00029726 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.44.53_log.txt
2016-01-12 23:19 - 2016-01-12 23:39 - 03052590 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.19.57_log.txt
2016-01-12 23:12 - 2016-01-12 23:15 - 00004758 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.12.03_log.txt
2016-01-12 23:05 - 2016-01-12 23:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-01-12 23:00 - 2016-01-12 23:06 - 00785246 _____ C:\TDSSKiller.3.1.0.9_12.01.2016_23.00.00_log.txt
2016-01-12 22:28 - 2016-01-12 22:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\28492206.sys
2016-01-12 22:24 - 2016-01-12 22:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\311B1F75.sys
2016-01-12 22:24 - 2016-01-12 22:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\0B351F5F.sys
2016-01-12 21:34 - 2016-01-12 21:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\73D678A1.sys
2016-01-12 21:34 - 2016-01-12 21:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\6FC178B5.sys
2016-01-12 21:34 - 2016-01-12 21:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\49DA789E.sys
2016-01-12 21:23 - 2016-01-12 21:23 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\28D97070.sys
2016-01-12 10:25 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-01-12 10:19 - 2016-01-12 10:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\QuickScan
2016-01-12 10:18 - 2016-01-12 10:19 - 10447328 _____ C:\Users\Administrator\Downloads\Antivirus_Free_Edition_x64.exe
2016-01-12 09:55 - 2016-01-12 09:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2016-01-12 09:52 - 2016-01-12 09:53 - 00162208 _____ C:\Users\Administrator\Downloads\Antivirus_Free_Edition.exe
2016-01-12 09:18 - 2016-01-12 09:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-12 08:43 - 2016-01-12 22:36 - 00000000 ____D C:\AdwCleaner
2016-01-12 08:30 - 2016-01-11 14:20 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2016-01-08 14:40 - 2016-01-08 14:40 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-01-08 13:15 - 2016-01-08 13:56 - 22908888 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-08 13:05 - 2016-01-08 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-08 12:03 - 2015-11-22 07:52 - 00001281 _____ C:\Users\Administrator\Desktop\Report Center.exe.lnk
2016-01-08 12:03 - 2015-11-22 07:52 - 00001249 _____ C:\Users\Administrator\Desktop\E-Inspector.exe.lnk
2016-01-08 12:03 - 2015-11-22 07:51 - 00001301 _____ C:\Users\Administrator\Desktop\Control Center.exe.lnk
2016-01-08 12:03 - 2015-10-07 19:56 - 00000997 _____ C:\Users\Administrator\Desktop\Start.lnk
2016-01-08 12:03 - 2015-08-26 14:43 - 00001140 _____ C:\Users\Administrator\Desktop\TA Master.exe - Shortcut.lnk
2016-01-08 12:03 - 2015-07-25 07:34 - 00001216 _____ C:\Users\Administrator\Desktop\LicencingServiceHandle.exe - Shortcut.lnk
2016-01-08 12:03 - 2014-03-26 17:26 - 00001455 _____ C:\Users\Administrator\Desktop\Google Drive.lnk
2016-01-08 12:03 - 2013-12-05 17:03 - 00002709 _____ C:\Users\Administrator\Desktop\CommMaster.exe.lnk
2016-01-08 12:03 - 2013-12-05 16:44 - 00001126 _____ C:\Users\Administrator\Desktop\PayMaster TZ - Shortcut.lnk
2016-01-08 11:18 - 2016-01-25 22:55 - 00000498 __RSH C:\Users\Administrator\ntuser.pol
2016-01-08 10:26 - 2016-01-08 10:43 - 02113152 _____ C:\Users\Administrator\Downloads\PANDAFREEAV.exe
2016-01-05 07:00 - 2016-01-05 07:00 - 00000005 _____ C:\Windows\SysWOW64\uin_v5.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-28 22:29 - 2012-09-21 12:15 - 00006944 _____ C:\Windows\system32\config\netlogon.dnb
2016-01-28 22:29 - 2012-09-21 12:15 - 00002215 _____ C:\Windows\system32\config\netlogon.dns
2016-01-28 22:29 - 2012-09-21 12:09 - 00000000 ____D C:\Windows\system32\dns
2016-01-28 22:28 - 2009-07-14 08:06 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-28 22:27 - 2012-09-21 12:10 - 00000000 ____D C:\Windows\NTDS
2016-01-28 22:27 - 2009-07-14 06:20 - 00000000 ____D C:\Windows
2016-01-28 22:15 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Globalization
2016-01-28 21:43 - 2013-09-17 11:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-28 18:19 - 2013-12-05 17:05 - 00002178 _____ C:\Windows\system32\ocxTaps.ocx
2016-01-28 18:18 - 2013-12-05 17:01 - 00000196 _____ C:\Windows\ODBC.INI
2016-01-28 13:06 - 2015-11-24 13:07 - 00000035 _____ C:\Users\wing\Documents\LoginUser.ini
2016-01-28 09:31 - 2009-07-14 07:49 - 00021536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-28 09:31 - 2009-07-14 07:49 - 00021536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-28 09:27 - 2014-03-21 12:49 - 00000000 ____D C:\Users\wing
2016-01-28 08:28 - 2009-07-14 08:10 - 01167700 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-28 08:28 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-01-27 22:00 - 2009-07-14 05:34 - 00000128 _____ C:\Windows\win.ini
2016-01-27 01:33 - 2009-07-14 07:49 - 00000000 ____D C:\Windows\ServiceProfiles
2016-01-26 22:23 - 2009-07-14 06:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-26 08:21 - 2012-09-20 10:45 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-26 00:41 - 2012-01-05 08:51 - 00000000 ___RD C:\Users\Administrator
2016-01-22 13:46 - 2012-09-20 12:43 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio
2016-01-21 20:27 - 2012-09-26 12:26 - 00000000 ____D C:\Program Files\Symantec
2016-01-21 20:27 - 2012-09-26 12:25 - 00000000 ____D C:\ProgramData\Symantec
2016-01-21 17:24 - 2013-12-05 16:55 - 00000000 ____D C:\Users\Administrator\Documents\SQL Server Management Studio Express
2016-01-18 21:38 - 2012-09-20 10:56 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-18 11:06 - 2012-10-22 19:49 - 00002286 ____H C:\Users\Administrator\Documents\Default.rdp
2016-01-17 18:28 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\system
2016-01-17 07:53 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\tracing
2016-01-14 14:51 - 2012-09-21 12:03 - 00000000 ____D C:\Windows\ADWS
2016-01-13 09:46 - 2012-12-06 19:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TeamViewer
2016-01-13 09:46 - 2012-01-06 00:39 - 00000000 ____D C:\Windows\Panther
2016-01-13 02:14 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\Cursors
2016-01-12 23:42 - 2012-01-05 08:55 - 00000000 ____D C:\Windows\system32\CPQNiMgt
2016-01-08 13:14 - 2012-10-23 08:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-05 07:10 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\security
2015-12-30 10:02 - 2015-09-18 05:48 - 00000049 _____ C:\Users\Administrator\Documents\LoginUser.ini
 
==================== Files in the root of some directories =======
 
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Microsoft Security Client
2009-07-14 02:31 - 2009-07-14 02:31 - 0000000 __RSH () C:\Program Files\Windows Defender
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-21 22:10
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by administrator (2016-01-28 22:34:22)
Running from C:\Users\Administrator\Desktop
Windows Server 2008 R2 Standard Service Pack 1 (X64) (2012-01-05 05:49:22)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2111210579-2508024259-4227724949-500 - Administrator - Enabled)
Guest (S-1-5-21-2111210579-2508024259-4227724949-501 - Limited - Disabled)
krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
mes (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ramadhani (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
kevin (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
grace (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
benard (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
joyce (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
yudra (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
rfid (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
wing (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
pattern (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
polly (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ntsec_admin (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
updater (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
ta.operator (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-HV1$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-WITNESS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-WIT$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-HV2$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC03$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC04$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC05$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC06$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MEA-PC10$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
AX-OPERATION1$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.24.50.5-090623a-083726C-HP - )
AVG (Version: 16.31.7357 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
Basic Dll (HKLM-x32\...\{A161569E-5716-4723-810A-543D11085A84}) (Version: 1.00.0000 - Your Company Name)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
CommMaster (HKLM-x32\...\{F1F1E134-D752-4F64-B911-54FD24470AB7}) (Version: 1.00.0000 - Bitplus Solutions Pvt Ltd.)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
GDR 2218 for SQL Server 2012 (KB2716442) (64-bit) (HKLM\...\KB2716442) (Version: 11.0.2218.0 - Microsoft Corporation)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Headless Server Registry Update (HKLM-x32\...\{4E5563B6-DE0A-4F3B-A5D6-15789FD12D9B}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP Array Configuration Utility (HKLM-x32\...\{B3483815-1FDD-4858-9AC6-561668DF4CB7}) (Version: 8.70.9.0 - Hewlett Packard Development Company, L.P.)
HP Array Configuration Utility CLI (HKLM-x32\...\{FA2F10E2-5C8D-45CE-9BA6-7F36358AA59A}) (Version: 8.70.8.0 - Hewlett-Packard Development Company, L.P.)
HP Insight Diagnostics  Online Edition for Windows (HKLM\...\{DCEA910B-3269-4F5B-A915-D59293004751}) (Version: 8.7.0 - Hewlett-Packard Development Company, L.P.)
HP Insight Management Agents (HKLM\...\{F0441130-12F7-4863-8082-F288C2C8DA0D}) (Version: 8.70.0.0 - Hewlett-Packard Company)
HP Insight Management WBEM Providers for Windows Server 2003/2008 x64 Editions (HKLM\...\HP-{0D1A88D4-29D7-4ED4-8045-932D7205F589}) (Version: 2.8.0.0 - Hewlett-Packard Company)
HP Lights-Out Online Configuration Utility (HKLM\...\{738E8C94-69B6-4B2A-8C49-B9953FC9BDF1}) (Version: 3.1.1.0 - Hewlett-Packard Development Company, L.P.)
HP ProLiant iLO 3 Management Controller Package (HKLM\...\HP-{15EC9FFF-3B11-4F2A-92F8-F63F33F64B31}) (Version: 3.3.0.0 - Hewlett-Packard Company)
HP ProLiant Integrated Management Log Viewer (HKLM\...\{FD0113AF-30E4-4618-BB9F-D6693A6ADCE2}) (Version: 5.25.0.0 - Hewlett-Packard Company)
HP ProLiant PCI-express Power Management Update for Windows (HKLM-x32\...\{34D6E797-AA32-455D-8E65-4EBD1AC9DED7}) (Version: 1.3.0.0 - Hewlett-Packard Company)
HP Smart Array SAS/SATA Event Notification Service (HKLM\...\{E126B2CA-8E29-4A1B-97A3-DD9D336611C9}) (Version: 6.24.0.64 - Hewlett-Packard Development Company, L.P.)
HP System Management Homepage (HKLM-x32\...\{3C4DF0FD-95CF-4F7B-A816-97CEF616948F}) (Version: 6.3.0 - Hewlett-Packard Development Company, L.P.)
HP Version Control Agent (HKLM-x32\...\{5A5F45AE-0250-4C34-9D89-F10BDDEE665F}) (Version: 6.3.0.870 - Hewlett Packard Development Company, L.P.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C058FC5D-565F-4360-A562-0527A3D993DC}) (Version: 2.3.2211 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{587F8B5C-D30D-4EEC-849B-FC410EA38AAF}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{966FBF69-F373-4E40-AA4A-3428BCEFC0D2}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{03A2AE02-CBC9-4746-A376-0F7BF6AF5F39}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{B6C87B73-79A5-401A-A12A-4DD96EC40442}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 (HKLM\...\{F14401A9-F0A0-33CC-8444-F60823A60DEB}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NetDvrPlugin 1.0 (HKLM-x32\...\NetDvrPlugin) (Version: 1.0 - )
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PayMaster (HKLM-x32\...\{C2FBCACC-1378-44ED-960E-FBC38107025D}) (Version: 11.0.100 - Endeavour Africa Limited)
PFA Server Registry Update (HKLM-x32\...\{173438F5-BD4D-47AE-9C8F-73E6BAA62624}) (Version: 1.0.0.0 - Hewlett-Packard Company)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SQL Server 2012 Analysis Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality service (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Distributed Replay (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Integration Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 RS_SharePoint_SharedService (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Symantec Backup Exec Remote Agent for Windows (HKLM\...\Remote Agent for Windows Servers) (Version: 14.0.1798 - Symantec Corporation)
Symantec Backup Exec Remote Agent for Windows (Version: 14.0.1798 - Symantec Corporation) Hidden
TA Master (HKLM-x32\...\{21DE695A-C5DE-4642-A001-843C70E23C4A}) (Version: 11.0.100 - Endeavourafrica)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3054791) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{591150FB-47D4-495C-9E76-F8D354A2577D}) (Version:  - Microsoft)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\ContextMenu.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.d (the data entry has 13 more characters).
CustomCLSID: HKU\S-1-5-21-2966851551-1307263621-31438361-500_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Administrator\AppData\Local\CloudStation\CloudStation.app\icon-overlay\14\x64\iconOverlay.d (the data entry has 13 more characters).
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07EC4DB6-C462-480B-82A7-324943AAAB60} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {56184CA7-B372-451C-941E-9AB8BECE0830} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {56CBC736-1731-4CB0-9906-B9A75AC60BC8} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {639C8FF9-34CB-4713-A67D-7F5A272F2B90} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-14] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-21] (Microsoft Corporation)
Task: {9C530414-EC31-4F0E-98CB-038E0137613B} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {9DA6354B-4BB1-4883-AA17-3F01F58FFEAA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {A25A0A3C-C5BA-4422-8F26-734843C3932A} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {AB4B612D-2B13-4352-B897-86EC7BB5B253} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-21] (Microsoft Corporation)
Task: {C4F6244D-511E-43F1-A48F-EFDE1F99085D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-21] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Administrator\Desktop\Start.lnk -> D:\RFID\5.Start\Start.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-11-06 09:33 - 2009-11-06 09:33 - 00027136 _____ () C:\hp\hpsmh\data\cgi-bin\vcagent\XalanMessages_1_10.dll
2011-01-06 16:22 - 2011-01-06 16:22 - 00032768 _____ () C:\Program Files\HPWBEM\Storage\Service\CQMGSTOR.dll
2011-01-06 16:22 - 2011-01-06 16:22 - 00029696 _____ () C:\Program Files\HPWBEM\Storage\Service\cqstrutl.dll
2011-01-06 16:22 - 2011-01-06 16:22 - 00057344 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQMSCSI.DLL
2011-01-06 16:22 - 2011-01-06 16:22 - 00041472 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQMDISK.dll
2011-01-06 16:22 - 2011-01-06 16:22 - 00048640 _____ () C:\Program Files\HPWBEM\Storage\Service\CPQSAS.DLL
2012-01-05 08:55 - 2011-01-12 09:42 - 01550336 _____ () C:\hp\hpsmh\bin\libxml2.dll
2012-01-05 08:55 - 2011-01-12 09:37 - 00072704 _____ () C:\hp\hpsmh\bin\zlib1.dll
2012-01-05 08:55 - 2011-01-12 09:42 - 01550336 _____ () C:\hp\hpsmh\modules\libxml2.dll
2011-01-06 16:22 - 2011-01-06 16:22 - 00931840 _____ () C:\Program Files\HPWBEM\Storage\dll\infomgr.dll
2013-12-07 10:45 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2016-01-28 22:31 - 2016-01-28 22:31 - 00098816 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32api.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00110080 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\pywintypes27.dll
2016-01-28 22:31 - 2016-01-28 22:31 - 00364544 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\pythoncom27.dll
2016-01-28 22:31 - 2016-01-28 22:31 - 00045568 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\_socket.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 01161216 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\_ssl.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00320512 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32com.shell.shell.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00713216 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\_hashlib.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 01175040 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\wx._core_.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00805888 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\wx._gdi_.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00811008 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\wx._windows_.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 01062400 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\wx._controls_.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00735232 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\wx._misc_.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00682496 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\pysqlite2._sqlite.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00087552 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\_ctypes.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00119808 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32file.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00108544 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32security.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00007168 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\hashobjs_ext.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00026624 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\usb_ext.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00167936 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32gui.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00018432 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32event.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00128512 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\_elementtree.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00127488 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\pyexpat.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00013824 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\common.time34.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00036864 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\_psutil_windows.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00038912 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32inet.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00011264 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32crypt.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00070656 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\wx._html2.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00027136 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\_multiprocessing.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00020480 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\_yappi.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00035840 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32process.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00686080 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\unicodedata.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00122368 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\wx._wizard.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00024064 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32pipe.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00010240 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\select.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00025600 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32pdh.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00525640 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\windows._lib_cacheinvalidation.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00017408 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32profile.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00022528 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\win32ts.pyd
2016-01-28 22:31 - 2016-01-28 22:31 - 00078336 _____ () C:\Users\Administrator\AppData\Local\Temp\1\_MEI78282\wx._animate.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\Temp:1
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\45926310.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87663587.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\45926310.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87663587.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:31 - 2009-07-14 02:31 - 00006772 ___SH C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0 account.norton.com
0.0.0.0 www.gmer.net
0.0.0.0 bleepingcomputer.com
0.0.0.0 www.bleepingcomputer.com
0.0.0.0 malekal.com
0.0.0.0 www.malekal.com
0.0.0.0 accounts.comodo.com
0.0.0.0 activation.adtrustmedia.com
0.0.0.0 activation-v2.kaspersky.com
0.0.0.0 auth.ff.avast.com
0.0.0.0 avstats.avira.com
0.0.0.0 backup1.bullguard.com
0.0.0.0 buddy.bitdefender.com
0.0.0.0 c2.dev.drweb.com
0.0.0.0 antivirus.baidu.com
0.0.0.0 cdn.static.malwarebytes.org
0.0.0.0 csasmain.symantec.com
0.0.0.0 definitionsbd.lavasoft.com
0.0.0.0 dm.kaspersky-labs.com
0.0.0.0 dnsscan.shadowserver.org
0.0.0.0 download.bitdefender.com
0.0.0.0 download.bullguard.com
0.0.0.0 download.comodo.com
0.0.0.0 download.eset.com
0.0.0.0 download.geo.drweb.com
0.0.0.0 downloadnada.lavasoft.com
0.0.0.0 downloads.comodo.com
0.0.0.0 downloads.lavasoft.com
0.0.0.0 www.reasoncoresecurity.com
0.0.0.0 reasoncoresecurity.com
 
There are 212 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2966851551-1307263621-31438361-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 196.46.104.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe
FirewallRules: [{395C6DD3-D0DF-40DA-8FCF-40F1915382A7}] => (Allow) C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
FirewallRules: [Remrras-In-RPC] => (Allow) %systemroot%\system32\remrras.exe
FirewallRules: [RQS-In-TCP] => (Allow) %systemroot%\system32\rqs.exe
FirewallRules: [{004E0287-82A2-418D-8AD6-0D5E96BEBDCC}] => (Allow) %ProgramFiles% (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe
FirewallRules: [{947463A8-6032-4CD4-9444-037161750CA1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7FE5E028-F1D6-4E75-843E-0C1E33901E18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{11E8E939-60E2-4E9E-A148-604E528BA931}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EF0B5E35-5C0E-4C80-9F72-E4E2E5797E4B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{9BB44BD9-DE25-4B63-9384-AF647C45DC0D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FC6BB805-0AAD-4F2E-80ED-753226557DF4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/28/2016 10:30:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/28/2016 10:30:46 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2966851551-1307263621-31438361-1122.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {c68c09c1-ba3c-4b21-903e-73449cb1dbcd}
 
Error: (01/28/2016 10:29:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/WMIselect * from HP_McSystemEvent0x80041010
 
Error: (01/28/2016 10:29:25 PM) (Source: SQLSERVERAGENT) (EventID: 324) (User: )
Description: OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).
 
Error: (01/28/2016 10:29:25 PM) (Source: SQLSERVERAGENT) (EventID: 324) (User: )
Description: OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).
 
Error: (01/28/2016 10:54:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DownloadData.exe, version: 1.27.0.0, time stamp: 0x530f3b4f
Faulting module name: mscorwks.dll, version: 2.0.50727.5485, time stamp: 0x53a121fa
Exception code: 0xc0000005
Fault offset: 0x001fe8ae
Faulting process id: 0x%9
Faulting application start time: 0xDownloadData.exe0
Faulting application path: DownloadData.exe1
Faulting module path: DownloadData.exe2
Report Id: DownloadData.exe3
 
Error: (01/28/2016 10:54:34 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (6451FB1E) (80131506)
 
Error: (01/28/2016 09:37:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DownloadData.exe, version: 1.27.0.0, time stamp: 0x530f3b4f
Faulting module name: mscorwks.dll, version: 2.0.50727.5485, time stamp: 0x53a121fa
Exception code: 0xc0000005
Fault offset: 0x00009375
Faulting process id: 0x%9
Faulting application start time: 0xDownloadData.exe0
Faulting application path: DownloadData.exe1
Faulting module path: DownloadData.exe2
Report Id: DownloadData.exe3
 
Error: (01/28/2016 09:37:17 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (634AFB1E) (80131506)
 
Error: (01/28/2016 08:23:58 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2966851551-1307263621-31438361-1122.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {bea09ce6-d5cb-4729-a862-97d8b5c83b3f}
 
 
System errors:
=============
Error: (01/28/2016 10:29:13 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The HP Insight Foundation Agents service depends the following service: CpqNicMgmt. This service might not be installed.
 
Error: (01/28/2016 10:29:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BitplusService service failed to start due to the following error: 
%%1053
 
Error: (01/28/2016 10:29:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BitplusService service to connect.
 
Error: (01/28/2016 10:24:43 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (01/28/2016 10:24:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (MSSQLSERVER) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/28/2016 10:24:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/28/2016 10:24:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DNS Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/28/2016 10:24:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BitplusService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/28/2016 10:24:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Virtual Disk service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (01/28/2016 10:24:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU E5645 @ 2.40GHz
Percentage of memory in use: 12%
Total physical RAM: 30709.8 MB
Available physical RAM: 26924.3 MB
Total Virtual: 61417.81 MB
Available Virtual: 57026.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:136.69 GB) (Free:47.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:838.09 GB) (Free:654.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 136.7 GB) (Disk ID: 2AD03F45)
Partition 1: (Active) - (Size=136.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 838.1 GB) (Disk ID: EB3CB301)
Partition 1: (Not Active) - (Size=838.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#14 Oh My!

  • Malware Response Instructor
Posted 28 January 2016 - 03:33 PM

Looks like that entry keeps fighting back.

"C:\windows\temp:1" => Could not move


Do you have a Windows Server 2008 installation disk?

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook for either 32 bit or 64 bit systems and save it to your Desktop
  • Right click on SystemLook.exe and select Run As Administrator (Windows XP simply double click)
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *Temp:1*
    *Rdpinst*
    :folderfind
    *Rdpinst*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Installation disk?
  • SystemLook report

Gary
 

#15 virtuoso

  • Topic Starter
Posted 29 January 2016 - 05:27 AM

I acquired the server with the OS installed and did not get the disk.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 08:12 on 29/01/2016 by administrator
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*Temp:1*"
No files found.
 
Searching for "*Rdpinst*"
No files found.
 
========== folderfind ==========
 
Searching for "*Rdpinst*"
No folders found.
 
-= EOF =-

Edited by virtuoso, 29 January 2016 - 05:28 AM.




