Sony VAIO, Windows XP won't boot after Malware Removal. [Solved]

#31 ferhampshire (Topic Starter, Member, 29 posts)
Good morning emeraldnzl! OK, so I downloaded FRST from another source and it worked!! Here is the log it gave me:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2012 (ATTENTION: FRST version is 119 days old)
Ran by SYSTEM at 09-04-2013 12:53:12
Running from X:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1512744 2009-05-26] (Synaptics Incorporated)
HKLM\...\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2009-05-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [18432 2008-08-22] (Sony Electronics Inc)
HKLM\...\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [217088 2009-03-26] (Sony Corporation)
HKLM\...\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [503808 2008-07-22] (Sony Corporation)
HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [315392 2008-05-15] (Sony Corporation)
HKLM\...\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary [866144 2008-06-11] (Sony Corporation)
HKLM\...\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [18432 2008-08-22] (Sony Electronics Inc)
HKLM\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [x]
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Marita XoXo\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Marita XoXo\...\Run: [Facebook Update] "C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\Marita XoXo\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\Marita XoXo\...\Winlogon: [Shell] explorer.exe [x]
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 24.200.241.37 24.202.72.13
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Marita XoXo\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 HitmanPro37CrusaderBoot; "C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe" /crusader:boot [9096848 2013-04-05] (SurfRight B.V.)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 RaAutoInstSrv_AM10; C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [529024 2010-04-15] (Cisco Consumer Products LLC)
2 Skype C2C Service; "C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3289208 2013-01-31] (Skype Technologies S.A.)
3 SOHCImp; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [120104 2009-03-25] (Sony Corporation)
3 SOHDBSvr; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-03-25] (Sony Corporation)
3 SOHDms; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe" [390440 2009-03-25] (Sony Corporation)
3 SOHDs; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe" [75048 2009-03-25] (Sony Corporation)
3 SOHPlMgr; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-03-25] (Sony Corporation)
2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 UTSCSI; C:\WINDOWS\system32\UTSCSI.EXE [45056 2012-12-25] ()
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-01-21] (Sony Corporation)
2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [176128 2009-03-18] (Sony Corporation)
2 VCFw; "C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [5184872 2009-01-14] (Sony Corporation)
3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [313264 2009-01-21] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2009-01-21] (Sony Corporation)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]

==================== Drivers (Whitelisted) ====================

3 5U876UVC; C:\Windows\System32\DRIVERS\5U876.sys [91776 2009-04-10] (Ricoh co.,Ltd.)
3 AM10; C:\Windows\System32\DRIVERS\AM10XP.sys [816672 2010-03-23] (Ralink Technology, Corp.)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2009-05-14] (Creative)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1529600 2009-03-28] (Atheros Communications, Inc.)
3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [14336 2008-04-25] (ArcSoft, Inc.)
3 AWINDIS5; \??\C:\WINDOWS\system32\AWINDIS5.SYS [16194 2002-04-12] (AMBIT Microsystems Corporation.)
3 btaudio; C:\Windows\System32\drivers\btaudio.sys [534312 2009-06-11] (Broadcom Corporation.)
3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2009-06-11] (Broadcom Corporation.)
3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [991136 2009-06-11] (Broadcom Corporation.)
3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156816 2009-06-11] (Broadcom Corporation.)
3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [56992 2009-06-11] (Broadcom Corporation.)
3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2009-06-11] (Broadcom Corporation.)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 L1c; C:\Windows\System32\DRIVERS\l1c51x86.sys [39424 2009-05-26] (Atheros Communications, Inc.)
3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2009-05-14] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [48896 2009-03-04] (Sony Corporation)
3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-16] (Sony Corporation)
3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-07 16:26 - 2013-04-07 19:53 - 00000000 ____D C:\i386
2013-04-07 14:03 - 2013-04-07 14:03 - 00000000 ____D C:\_OTL
2013-04-07 14:03 - 2011-07-12 18:55 - 02237440 ____A (OldTimer Tools) C:\OTLPE.exe
2013-04-07 13:57 - 2013-04-07 13:52 - 331527048 ____A C:\WindowsXP-KB936929-SP3-x86-ENU.rar
2013-04-07 13:55 - 2013-04-07 10:37 - 331805736 ____A (Microsoft Corporation) C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2013-04-06 22:49 - 2013-04-08 18:42 - 00088478 ____A C:\OTL.Txt
2013-04-06 19:56 - 2013-04-06 19:56 - 00000000 ____D C:\FRST
2013-04-05 23:48 - 2013-04-05 23:48 - 00034432 ____A C:\Windows\System32\.crusader
2013-04-05 23:48 - 2013-04-05 23:48 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-04-05 23:48 - 2013-04-05 23:48 - 00000528 ____A C:\Windows\System32\bootdelete.lst
2013-04-05 23:40 - 2013-04-05 23:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-04-05 22:08 - 2013-04-05 22:09 - 09096848 ____A (SurfRight B.V.) C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
2013-04-05 22:03 - 2013-04-05 22:03 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Application Data\Malwarebytes
2013-04-05 21:37 - 2013-04-05 21:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-04-05 21:36 - 2013-04-05 21:36 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-05 21:36 - 2013-04-05 21:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-05 21:36 - 2013-04-05 21:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-04-05 21:36 - 2012-12-14 19:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-05 21:27 - 2013-04-05 21:27 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-04-05 21:26 - 2013-04-05 21:28 - 00004848 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2013-04-05 21:25 - 2013-04-05 21:25 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2013-04-05 21:25 - 2013-04-05 21:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-04-05 21:23 - 2013-04-05 21:23 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-04-05 21:23 - 2013-04-05 21:23 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-04-05 21:22 - 2013-04-05 21:22 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-04-05 21:21 - 2013-04-05 22:01 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-04-05 21:21 - 2013-04-05 21:21 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-04-05 21:21 - 2009-06-24 08:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-04-05 21:21 - 2009-06-24 08:41 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-04-05 21:21 - 2009-06-24 08:31 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-04-05 21:21 - 2009-06-24 07:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Seven Zip
2013-04-05 21:21 - 2009-06-24 07:32 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2013-04-05 21:21 - 2009-06-24 07:07 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-04-05 21:21 - 2009-06-24 06:48 - 00013104 ___AH C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-04-05 21:21 - 2009-06-24 06:46 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\TempRAID
2013-04-05 21:21 - 2009-06-24 06:46 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2013-04-05 21:21 - 2009-06-24 06:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2013-04-05 21:21 - 2009-06-24 06:26 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
2013-04-05 21:21 - 2009-06-24 06:14 - 00000000 ___HD C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
2013-04-05 21:21 - 2009-06-24 06:14 - 00000000 ____D C:\Documents and Settings\Administrator\Bluetooth Software
2013-04-05 21:21 - 2009-06-24 05:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\InstallShield
2013-04-05 21:21 - 2009-06-23 05:57 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2013-04-04 22:13 - 2013-04-04 22:13 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-04-04 22:11 - 2013-04-04 22:11 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-04-04 22:08 - 2013-04-05 19:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
2013-03-17 20:09 - 2013-03-31 16:00 - 00002265 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-03-17 20:09 - 2013-03-17 20:09 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-03-10 14:45 - 2013-03-10 14:46 - 00000000 ____D C:\Program Files\Common Files\Adobe

==================== One Month Modified Files and Folders ========

2013-04-08 18:42 - 2013-04-06 22:49 - 00088478 ____A C:\OTL.Txt
2013-04-07 19:53 - 2013-04-07 16:26 - 00000000 ____D C:\i386
2013-04-07 14:03 - 2013-04-07 14:03 - 00000000 ____D C:\_OTL
2013-04-07 13:52 - 2013-04-07 13:57 - 331527048 ____A C:\WindowsXP-KB936929-SP3-x86-ENU.rar
2013-04-07 10:37 - 2013-04-07 13:55 - 331805736 ____A (Microsoft Corporation) C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2013-04-06 19:56 - 2013-04-06 19:56 - 00000000 ____D C:\FRST
2013-04-05 23:49 - 2009-06-23 13:10 - 00032434 ____A C:\Windows\SchedLgU.Txt
2013-04-05 23:49 - 2009-06-23 13:05 - 01886111 ____A C:\Windows\WindowsUpdate.log
2013-04-05 23:48 - 2013-04-05 23:48 - 00034432 ____A C:\Windows\System32\.crusader
2013-04-05 23:48 - 2013-04-05 23:48 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-04-05 23:48 - 2013-04-05 23:48 - 00000528 ____A C:\Windows\System32\bootdelete.lst
2013-04-05 23:48 - 2013-04-05 23:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-04-05 23:48 - 2010-01-16 16:22 - 00000178 __ASH C:\Documents and Settings\Marita XoXo\ntuser.ini
2013-04-05 23:48 - 2009-06-23 13:10 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-05 23:48 - 2009-06-23 06:00 - 00000275 ____A C:\Windows\wiadebug.log
2013-04-05 23:48 - 2009-06-23 06:00 - 00000048 ____A C:\Windows\wiaservc.log
2013-04-05 23:40 - 2009-06-23 05:57 - 00073244 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-05 23:37 - 2011-08-29 23:41 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Application Data\Skype
2013-04-05 23:36 - 2012-06-09 02:23 - 00000290 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
2013-04-05 23:36 - 2009-06-23 12:49 - 00001158 ____A C:\Windows\System32\wpa.dbl
2013-04-05 23:35 - 2010-01-16 16:22 - 00000062 __ASH C:\Documents and Settings\Marita XoXo\Local Settings\desktop.ini
2013-04-05 23:35 - 2009-06-24 06:39 - 00000000 __HDC C:\Windows\$NtUninstallKB953155$
2013-04-05 23:35 - 2009-06-23 13:10 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-04-05 23:35 - 2009-06-23 13:10 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-04-05 23:15 - 2012-06-06 22:22 - 00001022 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job
2013-04-05 22:09 - 2013-04-05 22:08 - 09096848 ____A (SurfRight B.V.) C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
2013-04-05 22:03 - 2013-04-05 22:03 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Application Data\Malwarebytes
2013-04-05 22:02 - 2010-10-15 10:53 - 00000000 __HDC C:\Windows\$NtUninstallKB2296011$
2013-04-05 22:01 - 2013-04-05 21:21 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-04-05 21:37 - 2013-04-05 21:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-04-05 21:36 - 2013-04-05 21:36 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-05 21:36 - 2013-04-05 21:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-05 21:36 - 2013-04-05 21:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-04-05 21:28 - 2013-04-05 21:26 - 00004848 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2013-04-05 21:27 - 2013-04-05 21:27 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-04-05 21:25 - 2013-04-05 21:25 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2013-04-05 21:25 - 2013-04-05 21:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-04-05 21:23 - 2013-04-05 21:23 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-04-05 21:23 - 2013-04-05 21:23 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-04-05 21:22 - 2013-04-05 21:22 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-04-05 21:21 - 2013-04-05 21:21 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-04-05 19:46 - 2012-03-01 12:20 - 00008192 _ASHC C:\Windows\Thumbs.db
2013-04-05 19:45 - 2013-04-04 22:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
2013-04-05 19:41 - 2013-02-20 16:38 - 00011718 ____A C:\Windows\setupapi.log
2013-04-04 22:15 - 2012-01-31 16:14 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Desktop\Fer...!
2013-04-04 22:13 - 2013-04-04 22:13 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-04-04 22:11 - 2013-04-04 22:11 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-04-04 22:07 - 2010-01-16 16:22 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Application Data\Adobe
2013-04-04 21:07 - 2012-04-26 00:16 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Application Data\vlc
2013-04-04 20:51 - 2010-01-20 02:44 - 00194048 ____A C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-02 17:00 - 2012-06-09 02:23 - 00000298 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
2013-04-01 19:52 - 2011-06-16 14:41 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-03-31 16:00 - 2013-03-17 20:09 - 00002265 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-03-28 08:15 - 2012-06-06 22:22 - 00001000 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
2013-03-25 01:36 - 2013-03-03 17:55 - 00352568 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-03-23 14:45 - 2009-06-23 13:03 - 00047151 ___AC C:\Windows\wmsetup.log
2013-03-22 03:45 - 2010-01-20 02:02 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Tracing
2013-03-21 22:26 - 2012-05-03 03:03 - 00693976 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-03-21 22:26 - 2012-02-07 16:06 - 00073432 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-03-19 12:19 - 2010-01-20 02:16 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-03-17 20:09 - 2013-03-17 20:09 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-03-17 20:09 - 2012-10-22 22:18 - 00000000 ___RD C:\Program Files\Skype
2013-03-17 20:09 - 2011-08-29 23:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-03-12 23:25 - 2012-05-09 00:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-03-10 14:46 - 2013-03-10 14:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-03-10 14:45 - 2009-06-24 07:06 - 00000000 ____D C:\Program Files\Adobe
2013-03-10 14:45 - 2009-06-24 07:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-03-10 14:44 - 2010-01-16 16:22 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\Adobe
2013-03-10 14:43 - 2013-03-08 05:33 - 00000000 ____D C:\Program Files\Mozilla Firefox


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-04-05 20:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP610

RP: -> 2013-04-04 19:12 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP609

RP: -> 2013-04-03 17:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP608

RP: -> 2013-04-02 02:22 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP607

RP: -> 2013-04-01 00:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP606

RP: -> 2013-03-30 19:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP605

RP: -> 2013-03-29 15:26 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP604

RP: -> 2013-03-28 04:50 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP603

RP: -> 2013-03-26 20:02 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP602

RP: -> 2013-03-25 19:33 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP601

RP: -> 2013-03-24 19:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP600

RP: -> 2013-03-23 02:32 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP599

RP: -> 2013-03-22 00:59 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP598

RP: -> 2013-03-20 20:43 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP597

RP: -> 2013-03-19 20:02 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP596

RP: -> 2013-03-18 19:01 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP595

RP: -> 2013-03-17 18:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP594

RP: -> 2013-03-16 18:25 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP593

RP: -> 2013-03-15 18:01 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP592

RP: -> 2013-03-14 17:59 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP591

RP: -> 2013-03-13 14:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP590

RP: -> 2013-03-12 14:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP589

RP: -> 2013-03-11 05:11 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP588

RP: -> 2013-03-10 05:04 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP587

RP: -> 2013-03-09 02:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP586

RP: -> 2013-03-08 01:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP585

RP: -> 2013-03-07 01:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP584

RP: -> 2013-03-06 01:12 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP583

RP: -> 2013-03-04 23:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP582

RP: -> 2013-03-03 01:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP581

RP: -> 2013-03-01 21:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP580

RP: -> 2013-02-28 21:02 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP579

RP: -> 2013-02-27 19:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP578

RP: -> 2013-02-26 19:34 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP577

RP: -> 2013-02-25 19:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP576

RP: -> 2013-02-24 05:50 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP575

RP: -> 2013-02-23 02:14 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP574

RP: -> 2013-02-22 00:53 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP573

RP: -> 2013-02-20 23:32 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP572

RP: -> 2013-02-18 18:09 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP571

RP: -> 2013-02-17 16:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP570

RP: -> 2013-02-16 04:41 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP569

RP: -> 2013-02-15 00:04 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP568

RP: -> 2013-02-13 23:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP567

RP: -> 2013-02-12 22:50 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP566

RP: -> 2013-02-11 22:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP565

RP: -> 2013-02-10 21:36 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP564

RP: -> 2013-02-09 18:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP563

RP: -> 2013-02-08 16:25 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP562

RP: -> 2013-02-07 11:43 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP561

RP: -> 2013-02-06 01:07 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP560

RP: -> 2013-02-05 00:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP559

RP: -> 2013-02-03 17:30 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP558

RP: -> 2013-02-02 15:34 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP557

RP: -> 2013-02-01 02:04 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP556

RP: -> 2013-01-31 00:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP555

RP: -> 2013-01-29 20:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP554

RP: -> 2013-01-29 03:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP553

RP: -> 2013-01-28 01:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP552

RP: -> 2013-01-27 01:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP551

RP: -> 2013-01-26 01:39 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP550

RP: -> 2013-01-24 23:59 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP549

RP: -> 2013-01-23 16:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP548

RP: -> 2013-01-22 01:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP547

RP: -> 2013-01-20 04:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP546

RP: -> 2013-01-19 03:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP545

RP: -> 2013-01-15 20:07 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP544

RP: -> 2013-01-14 04:29 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP543

RP: -> 2013-01-13 02:56 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP542

RP: -> 2013-01-12 02:30 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP541

RP: -> 2013-01-11 01:42 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP540

RP: -> 2013-01-09 23:58 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP539

RP: -> 2013-01-08 21:27 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP538

RP: -> 2013-01-07 21:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP537

RP: -> 2013-01-06 19:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP536

RP: -> 2013-01-06 19:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP535


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 1014.36 MB
Available physical RAM: 806.18 MB
Total Pagefile: 901.89 MB
Available Pagefile: 823.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.98 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:141.05 GB) (Free:35.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive x: (ReatogoPE) (Removable) (Total:7.45 GB) (Free:7.11 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online      149 GB   0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM               8190 MB  1024 KB
  Partition 2    Primary           141 GB   8191 MB
  Partition 3    Unknown           848 KB   149 GB
=========================================================

Disk: 0
Partition 1
Type : 12
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0                      NTFS   Partition   8190 MB  Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    C                 NTFS   Partition   141 GB   Healthy
=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2                             Partition   1024 KB  Healthy
=========================================================
==================== End Of Log ============================
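The "Bamital & volsnap Check" in the log above hashes the handful of files that file-patching infections overwrite (explorer.exe, winlogon.exe, svchost.exe, services.exe, user32.dll, userinit.exe, volsnap.sys) and compares each MD5 with a whitelist of known-good values for that Windows build; "MD5 is legit" means the hash matched the whitelist. The script below is an added example of that kind of check written for this thread, not FRST's own code: it streams each file through MD5, accepts one or more whitelisted hashes per file (different service packs ship different builds), and reports each file as legit, MODIFIED or MISSING. The directory tree and the baseline hashes are constructed placeholders, not real Windows hashes; a real baseline has to come from a trusted hash database. Two things matter when running such a check for real: the baseline must be trusted, and the scan should run from outside the suspect OS (as FRST does here from the X:\ boot disk), because a rootkit hooking file I/O on the live system can hand the scanner clean bytes.

```python
import hashlib
import tempfile
from pathlib import Path

# Files that file-patching infections (Bamital, ZeroAccess) are known to modify;
# these are the same ones the FRST "Bamital & volsnap Check" hashes.
CRITICAL_FILES = [
    "Windows/explorer.exe",
    "Windows/System32/winlogon.exe",
    "Windows/System32/svchost.exe",
    "Windows/System32/services.exe",
    "Windows/System32/User32.dll",
    "Windows/System32/userinit.exe",
    "Windows/System32/Drivers/volsnap.sys",
]


def md5_of_file(path, chunk_size=1 << 20):
    """Stream the file through MD5 so large binaries need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_baseline(root, baseline):
    """Compare each baseline entry with the file on disk.

    baseline maps a path relative to ``root`` to one or more acceptable MD5
    values (a file can legitimately differ between service packs/hotfixes).
    Returns {relative_path: (status, actual_md5_or_None)} with status one of
    'legit', 'MODIFIED' or 'MISSING'.
    """
    results = {}
    for rel, known in baseline.items():
        accepted = set(known) if isinstance(known, (set, frozenset, list, tuple)) else {known}
        path = Path(root) / rel
        if not path.is_file():
            results[rel] = ("MISSING", None)
            continue
        actual = md5_of_file(path)
        results[rel] = ("legit" if actual in accepted else "MODIFIED", actual)
    return results


def format_report(results):
    """Render the results in the same shape FRST prints them."""
    lines = []
    for rel, (status, actual) in results.items():
        if status == "legit":
            lines.append(f"{rel} => MD5 is legit")
        elif status == "MISSING":
            lines.append(f"{rel} => ATTENTION: file not found")
        else:
            lines.append(f"{rel} => ATTENTION: MD5 {actual} is not in the whitelist")
    return "\n".join(lines)


def build_sample_tree():
    """Constructed stand-in for the C: drive: one patched file, one missing file.

    The hashes are of the placeholder bytes written here, not of real Windows
    binaries; a real baseline comes from a trusted hash database.
    """
    root = tempfile.mkdtemp(prefix="frst_demo_")
    contents = {rel: b"MZ placeholder for " + rel.encode() for rel in CRITICAL_FILES}
    baseline = {}
    for rel, data in contents.items():
        baseline[rel] = hashlib.md5(data).hexdigest()
        if rel.endswith("userinit.exe"):
            continue  # leave userinit.exe absent on "disk" to exercise the MISSING path
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    # Simulate a patched services.exe: same name and location, different bytes.
    (Path(root) / "Windows/System32/services.exe").write_bytes(b"MZ patched services.exe")
    return root, baseline


if __name__ == "__main__":
    sample_root, sample_baseline = build_sample_tree()
    print(format_report(check_baseline(sample_root, sample_baseline)))
```

Run as-is it prints five "MD5 is legit" lines plus one ATTENTION line for the patched services.exe and one for the missing userinit.exe. Swapping the constructed baseline for a real one is the only change needed to point it at an offline-mounted system drive.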

#32
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Hello again ferhampshire,

Well done, much better information. :thumbsup:

It looks to me like HitmanPro has had a field day, but there is also suspicious partition activity showing in the log.

I don't want to try and fix this without consulting so I am seeking assistance from the tool developer.

Might be a little while before a response. We all work in different time zones.

Rest assured though I will get back to you. :)
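The partition block at the end of the log in #31, which emeraldnzl calls "suspicious partition activity" above, shows what a reviewer looks for: partition 1 is Sony's hidden OEM recovery area (type 0x12), partition 2 is the 141 GB NTFS volume that actually holds Windows (type 0x07), and partition 3 is an 848 KB partition of hidden-NTFS type 0x17 at the very end of the disk that is marked Active while the Windows volume is not. The BIOS hands control to whichever partition carries the active flag, so that layout means boot code in a tiny hidden partition runs before Windows does, which is the pattern partition-based bootkits use. The script below is an added example written for this thread, not FRST's or diskpart's code: it parses a raw 512-byte MBR and flags an active partition that is not a normal Windows boot type, an active partition that is too small to be an OS volume, more than one active partition, or an invalid status byte. The `PART_TYPES` subset, `BOOTABLE_TYPES`, the 16 MB `TINY_ACTIVE_BYTES` threshold and the LBA values in the sample are my assumptions; the sample MBR is constructed from the MB/GB figures in the log, not read from the real disk.

```python
import struct

SECTOR = 512

# Partition type codes seen on this disk plus the usual Windows boot types
# (a subset of the well-known MBR type table; assumed labels).
PART_TYPES = {
    0x07: "NTFS/HPFS",
    0x0B: "FAT32",
    0x0C: "FAT32 (LBA)",
    0x0E: "FAT16 (LBA)",
    0x12: "OEM/diagnostics, hidden",
    0x17: "hidden NTFS/HPFS",
    0x27: "Windows RE, hidden NTFS",
}
# Types Windows normally boots from; an active flag on anything else deserves a look.
BOOTABLE_TYPES = {0x07, 0x0B, 0x0C, 0x0E}
# Assumed threshold: a real OS or boot volume is not this small.
TINY_ACTIVE_BYTES = 16 * 1024 * 1024

ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def make_entry(active, ptype, start_lba, sectors):
    """Build one 16-byte partition table entry (CHS fields use the 0xFE/0xFF/0xFF filler)."""
    return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\xfe\xff\xff",
                       ptype, b"\xfe\xff\xff", start_lba, sectors)


def make_mbr(entries):
    """Assemble a 512-byte MBR: 446 bytes of boot code (zeroed here), 4 entries, 0x55AA."""
    table = b"".join(entries) + b"\x00" * (16 * (4 - len(entries)))
    return b"\x00" * 446 + table + b"\x55\xaa"


def parse_mbr(sector0):
    """Return the non-empty entries of an MBR as dicts."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, sector0[off:off + 16])
        if ptype == 0 and count == 0:
            continue
        parts.append({"index": i + 1, "status": status, "type": ptype,
                      "start_lba": start, "sectors": count})
    return parts


def audit_partitions(parts):
    """Flag the patterns that make the bootable-partition layout suspicious."""
    findings = []
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) > 1:
        findings.append("more than one partition carries the active flag")
    for p in parts:
        name = f"partition {p['index']} (type 0x{p['type']:02x}, {PART_TYPES.get(p['type'], 'unknown')})"
        if p["status"] not in (0x00, 0x80):
            findings.append(f"{name}: invalid status byte 0x{p['status']:02x}")
        if p["status"] != 0x80:
            continue
        size = p["sectors"] * SECTOR
        if p["type"] not in BOOTABLE_TYPES:
            findings.append(f"{name}: active but not a normal Windows boot type")
        if size < TINY_ACTIVE_BYTES:
            findings.append(f"{name}: active partition is only {size // 1024} KB")
    return findings


# Constructed MBR reproducing the layout in the log: hidden OEM recovery
# partition, the 141 GB NTFS volume, then an 848 KB hidden type-0x17
# partition at the end of the disk that holds the active flag. LBA values are
# derived from the MB/GB sizes in the log, not copied from the real disk.
MB = 1024 * 1024 // SECTOR          # sectors per MiB
SAMPLE_MBR = make_mbr([
    make_entry(False, 0x12, 2048, 8190 * MB),
    make_entry(False, 0x07, 8191 * MB, 141 * 1024 * MB),
    make_entry(True, 0x17, 8191 * MB + 141 * 1024 * MB, 848 * 1024 // SECTOR),
])

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        print(p)
    for f in audit_partitions(parse_mbr(SAMPLE_MBR)):
        print("SUSPICIOUS:", f)
```

On the sample it reports partition 3 twice: active but not a normal boot type, and only 848 KB in size. To run it against a real disk, feed `parse_mbr` the first 512 bytes of `\\.\PhysicalDrive0` (administrator rights needed) or of a disk image. Read that sector from a boot CD or a second machine rather than from the installed Windows: a bootkit that hooks disk I/O can return a clean sector 0 to anything running inside the infected OS, which is the same reason the FRST scan in this thread runs from the X:\ recovery environment.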

#33
ferhampshire
    Member
  • Topic Starter
  • Member
  • 29 posts
Thank you so much emeraldnzl, I will wait for a response and please know that I really appreciate everything you're doing to help me out. :)

#34
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Hello ferhampshire,

  • Please copy the attached "fixlist.txt" file to your flash drive.
  • Please boot your computer with the Flash drive as before.
  • Locate and run FRST.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply.


#35
ferhampshire
    Member
  • Topic Starter
  • Member
  • 29 posts
Rapid response again; I wasn't expecting that after your last message. :) Thank you!!

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-12-2012
Ran by SYSTEM at 2013-04-10 03:50:49 Run:1
Running from X:\

==============================================


==== End of Fixlog ====

#36
emeraldnzl
    GeekU Instructor
  • GeekU Moderator
  • 20,051 posts
Hello ferhampshire,

Please run a scan with FRST and post back the results.

#37
ferhampshire
    Member
  • Topic Starter
  • Member
  • 29 posts
Hi emeraldnzl! Here is the log FRST gave me:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2012 (ATTENTION: FRST version is 120 days old)
Ran by SYSTEM at 10-04-2013 14:37:37
Running from X:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1512744 2009-05-26] (Synaptics Incorporated)
HKLM\...\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2009-05-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [18432 2008-08-22] (Sony Electronics Inc)
HKLM\...\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [217088 2009-03-26] (Sony Corporation)
HKLM\...\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [503808 2008-07-22] (Sony Corporation)
HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [315392 2008-05-15] (Sony Corporation)
HKLM\...\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary [866144 2008-06-11] (Sony Corporation)
HKLM\...\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [18432 2008-08-22] (Sony Electronics Inc)
HKLM\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [x]
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Marita XoXo\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Marita XoXo\...\Run: [Facebook Update] "C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\Marita XoXo\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\Marita XoXo\...\Winlogon: [Shell] explorer.exe [x]
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 24.200.241.37 24.202.72.13
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Marita XoXo\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 HitmanPro37CrusaderBoot; "C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe" /crusader:boot [9096848 2013-04-05] (SurfRight B.V.)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 RaAutoInstSrv_AM10; C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [529024 2010-04-15] (Cisco Consumer Products LLC)
2 Skype C2C Service; "C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3289208 2013-01-31] (Skype Technologies S.A.)
3 SOHCImp; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [120104 2009-03-25] (Sony Corporation)
3 SOHDBSvr; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-03-25] (Sony Corporation)
3 SOHDms; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe" [390440 2009-03-25] (Sony Corporation)
3 SOHDs; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe" [75048 2009-03-25] (Sony Corporation)
3 SOHPlMgr; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-03-25] (Sony Corporation)
2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 UTSCSI; C:\WINDOWS\system32\UTSCSI.EXE [45056 2012-12-25] ()
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-01-21] (Sony Corporation)
2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [176128 2009-03-18] (Sony Corporation)
2 VCFw; "C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [5184872 2009-01-14] (Sony Corporation)
3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [313264 2009-01-21] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2009-01-21] (Sony Corporation)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]

==================== Drivers (Whitelisted) ====================

3 5U876UVC; C:\Windows\System32\DRIVERS\5U876.sys [91776 2009-04-10] (Ricoh co.,Ltd.)
3 AM10; C:\Windows\System32\DRIVERS\AM10XP.sys [816672 2010-03-23] (Ralink Technology, Corp.)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2009-05-14] (Creative)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1529600 2009-03-28] (Atheros Communications, Inc.)
3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [14336 2008-04-25] (ArcSoft, Inc.)
3 AWINDIS5; \??\C:\WINDOWS\system32\AWINDIS5.SYS [16194 2002-04-12] (AMBIT Microsystems Corporation.)
3 btaudio; C:\Windows\System32\drivers\btaudio.sys [534312 2009-06-11] (Broadcom Corporation.)
3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2009-06-11] (Broadcom Corporation.)
3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [991136 2009-06-11] (Broadcom Corporation.)
3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156816 2009-06-11] (Broadcom Corporation.)
3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [56992 2009-06-11] (Broadcom Corporation.)
3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2009-06-11] (Broadcom Corporation.)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 L1c; C:\Windows\System32\DRIVERS\l1c51x86.sys [39424 2009-05-26] (Atheros Communications, Inc.)
3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2009-05-14] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [48896 2009-03-04] (Sony Corporation)
3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-16] (Sony Corporation)
3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\5U876.sys 21e762887187cf03494104165f3c148d
C:\Windows\System32\DRIVERS\ACPI.sys d8fb7d1c3f5bfa3f53fe9cc6367e9e99
C:\Windows\System32\DRIVERS\ACPIEC.sys 9859c0f6936e723e4892d7141b1327d5
C:\Windows\System32\drivers\aec.sys 8bed39e3c35d6a489438b8141717a557
C:\Windows\System32\drivers\afd.sys 1e44bc1e83d8fd2305f8d452db109cf9
C:\Windows\System32\DRIVERS\AM10XP.sys 678c8fdb9d6094d41f322b7159853c54
C:\Windows\System32\drivers\Ambfilt.sys f6af59d6eee5e1c304f7f73706ad11d8
C:\Windows\System32\DRIVERS\athw.sys d3e782ad9dca4d6215222a43345f43b0
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys 35a6a419d7526f5cf824afb23afa08d6
C:\Windows\System32\DRIVERS\asyncmac.sys b153affac761e7f5fcfa822b9c4e97bc
C:\Windows\System32\DRIVERS\atapi.sys 9f3a2f5aa6875c72bf062c712cfa2674
C:\Windows\System32\DRIVERS\atmarpc.sys 9916c1225104ba14794209cfa8012159
C:\Windows\System32\DRIVERS\audstub.sys d9f724aa26c010a217c97606b160ed68
C:\WINDOWS\system32\AWINDIS5.SYS f62b70d3209e38a6c19a03109a25b903
C:\Windows\System32\Drivers\Beep.sys da1f27d85e0d1525f6621372e7b685e9
C:\Windows\System32\drivers\btaudio.sys 2c04f295f7f40eb46f7accd3f6cdef4a
C:\Windows\System32\DRIVERS\btport.sys 2f9f111d31aa3fbbe5781d829a4524e6
C:\Windows\System32\DRIVERS\btkrnl.sys 75130181fa2fd6cbe83083c5311abe78
C:\Windows\System32\DRIVERS\btwdndis.sys 485020a1e1fc5c51a800ca69c618d881
C:\Windows\System32\DRIVERS\btwhid.sys c51d50cf24da69a9c499e65b0edb3bb7
C:\Windows\System32\Drivers\btwusb.sys 6b622612fe21b59faee2ca4385959778
C:\Windows\System32\Drivers\cbidf2k.sys 90a673fc8e12a79afbed2576f6a7aaf9
C:\Windows\System32\DRIVERS\CCDECODE.sys 0be5aef125be881c4f854c554f2b025c
C:\Windows\System32\Drivers\Cdaudio.sys c1b486a7658353d33a10cc15211a873b
C:\Windows\System32\Drivers\Cdfs.sys c885b02847f5d2fd45a24e219ed93b32
C:\Windows\System32\DRIVERS\cdrom.sys 1f4260cc5b42272d71f79e570a27a4fe
C:\Windows\System32\DRIVERS\CmBatt.sys 0f6c187d38d98f8df904589a5f94d411
C:\Windows\System32\DRIVERS\compbatt.sys 6e4c9f21f0fae8940661144f41b13203
C:\Windows\System32\DRIVERS\disk.sys 044452051f3e02e7963599fc8f4f3e25
C:\Windows\System32\drivers\dmboot.sys d992fe1274bde0f84ad826acae022a41
C:\Windows\System32\DRIVERS\DMICall.sys 526192bf7696f72e29777bf4a180513a
C:\Windows\System32\drivers\dmio.sys 7c824cf7bbde77d95c08005717a95f6f
C:\Windows\System32\drivers\dmload.sys e9317282a63ca4d188c0df5e09c6ac5f
C:\Windows\System32\drivers\DMusic.sys 8a208dfcf89792a484e76c40e5f50b45
C:\Windows\System32\drivers\drmkaud.sys 8f5fcff8e8848afac920905fbd9d33c8
C:\Windows\System32\Drivers\Fastfat.sys 38d332a6d56af32635675f132548343e
C:\Windows\System32\Drivers\Fdc.sys 92cdd60b6730b9f50f6a1a0c1f8cdc81
C:\Windows\System32\Drivers\Fips.sys d45926117eb9fa946a6af572fbe1caa3
C:\Windows\System32\Drivers\Flpydisk.sys 9d27e7b80bfcdf1cdd9b555862d5e7f0
C:\Windows\System32\drivers\fltmgr.sys b2cf4b0786f8212cb92ed2b50c6db6b0
C:\Windows\System32\Drivers\Fs_Rec.sys 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a
C:\Windows\System32\DRIVERS\ftdisk.sys 6ac26732762483366c3969c9e4d2259d
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msgpc.sys 0a02c63c8b144bd8c86b103dee7c86a2
C:\Windows\System32\DRIVERS\HDAudBus.sys 573c7d0a32852b48f3058cfd8026f511
C:\Windows\System32\DRIVERS\hidusb.sys ccf82c5ec8a7326c3066de870c06daf1
C:\Windows\System32\Drivers\HTTP.sys f80a415ef82cd06ffaf0d971528ead38
C:\Windows\System32\DRIVERS\i8042prt.sys 4a0b06aa8943c1e332520f7440c0aa30
C:\Windows\System32\DRIVERS\igxpmp32.sys 48846b31be5a4fa662ccfde7a1ba86b9
C:\Windows\System32\DRIVERS\imapi.sys 083a052659f5310dd8b6a6cb05edcf8e
C:\Windows\System32\drivers\RtkHDAud.sys 43b0b2d3d22afb63197fe011d02a977b
C:\Windows\System32\DRIVERS\intelppm.sys 8c953733d8f36eb2133f5bb58808b66b
C:\Windows\System32\drivers\ip6fw.sys 3bb22519a194418d5fec05d800a19ad0
C:\Windows\System32\DRIVERS\ipfltdrv.sys 731f22ba402ee4b62748adaf6363c182
C:\Windows\System32\DRIVERS\ipinip.sys b87ab476dcf76e72010632b5550955f5
C:\Windows\System32\DRIVERS\ipnat.sys cc748ea12c6effde940ee98098bf96bb
C:\Windows\System32\DRIVERS\ipsec.sys 23c74d75e36e7158768dd63d92789a91
C:\Windows\System32\DRIVERS\irenum.sys c93c9ff7b04d772627a3646d89f7bf89
C:\Windows\System32\DRIVERS\isapnp.sys 05a299ec56e52649b1cf2fc52d20f2d7
C:\Windows\System32\DRIVERS\kbdclass.sys 463c1ec80cd17420a542b7f36a36f128
C:\Windows\System32\drivers\kmixer.sys 692bcf44383d056aed41b045a323d378
C:\Windows\System32\Drivers\KSecDD.sys b467646c54cc746128904e1654c750c1
C:\Windows\System32\DRIVERS\l1c51x86.sys 1e256e6541ddd97a1931a2a300317166
C:\WINDOWS\system32\drivers\mbam.sys 629cabb0421668c9d3d402a3c3d77e14
C:\Windows\System32\Drivers\mnmdd.sys 4ae068242760a1fb6e1a44bf4e16afa6
C:\Windows\System32\Drivers\Modem.sys dfcbad3cec1c5f964962ae10e0bcc8e1
C:\Windows\System32\drivers\Monfilt.sys 9fa7207d1b1adead88ae8eed9cdbbaa5
C:\Windows\System32\DRIVERS\mouclass.sys 35c9e97194c8cfb8430125f8dbc34d04
C:\Windows\System32\DRIVERS\mouhid.sys b1c303e17fb9d46e87a98e4ba6769685
C:\Windows\System32\Drivers\MountMgr.sys a80b9a0bad1b73637dbcbba7df72d3fd
C:\Windows\System32\DRIVERS\mrxdav.sys 11d42bb6206f33fbb3ba0288d3ef81bd
C:\Windows\System32\Drivers\Msfs.sys c941ea2454ba8350021d774daf0f1027
C:\Windows\System32\drivers\MSKSSRV.sys d1575e71568f4d9e14ca56b7b0453bf1
C:\Windows\System32\drivers\MSPCLOCK.sys 325bb26842fc7ccc1fcce2c457317f3e
C:\Windows\System32\drivers\MSPQM.sys bad59648ba099da4a17680b39730cb3d
C:\Windows\System32\DRIVERS\mssmbios.sys af5f4f3f14a8ea2c26de30f7a1e17136
C:\Windows\System32\drivers\MSTEE.sys e53736a9e30c45fa9e7b5eac55056d1d
C:\Windows\System32\Drivers\Mup.sys de6a75f5c270e756c5508d94b6cf68f5
C:\Windows\System32\DRIVERS\NABTSFEC.sys 5b50f1b2a2ed47d560577b221da734db
C:\Windows\System32\Drivers\NDIS.sys 1df7f42665c94b825322fae71721130d
C:\Windows\System32\DRIVERS\NdisIP.sys 7ff1f1fd8609c149aa432f95a8163d97
C:\Windows\System32\DRIVERS\ndistapi.sys 0109c4f3850dfbab279542515386ae22
C:\Windows\System32\DRIVERS\ndisuio.sys f927a4434c5028758a842943ef1a3849
C:\Windows\System32\DRIVERS\ndiswan.sys edc1531a49c80614b2cfda43ca8659ab
C:\Windows\System32\Drivers\NDProxy.sys 9282bd12dfb069d3889eb3fcc1000a9b
C:\Windows\System32\DRIVERS\netaapl.sys 29c45722e20572b6440b57e3359e73ee
C:\Windows\System32\DRIVERS\netbt.sys 74b2b2f5bea5e9a3dc021d685551bd3d
C:\Windows\System32\Drivers\Npfs.sys 3182d64ae053d6fb034f44b6def8034a
C:\Windows\System32\Drivers\Ntfs.sys 78a08dd6a8d65e697c18e1db01c5cdca
C:\Windows\System32\Drivers\Null.sys 73c1e1f395918bc2c6dd67af7591a3ad

==================== NetSvcs (Whitelisted) ===================


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-04-05 20:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP610

RP: -> 2013-04-04 19:12 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP609

RP: -> 2013-04-03 17:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP608

RP: -> 2013-04-02 02:22 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP607

RP: -> 2013-04-01 00:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP606

RP: -> 2013-03-30 19:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP605

RP: -> 2013-03-29 15:26 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP604

RP: -> 2013-03-28 04:50 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP603

RP: -> 2013-03-26 20:02 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP602

RP: -> 2013-03-25 19:33 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP601

RP: -> 2013-03-24 19:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP600

RP: -> 2013-03-23 02:32 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP599

RP: -> 2013-03-22 00:59 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP598

RP: -> 2013-03-20 20:43 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP597

RP: -> 2013-03-19 20:02 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP596

RP: -> 2013-03-18 19:01 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP595

RP: -> 2013-03-17 18:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP594

RP: -> 2013-03-16 18:25 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP593

RP: -> 2013-03-15 18:01 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP592

RP: -> 2013-03-14 17:59 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP591

RP: -> 2013-03-13 14:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP590

RP: -> 2013-03-12 14:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP589

RP: -> 2013-03-11 05:11 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP588

RP: -> 2013-03-10 05:04 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP587

RP: -> 2013-03-09 02:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP586

RP: -> 2013-03-08 01:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP585

RP: -> 2013-03-07 01:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP584

RP: -> 2013-03-06 01:12 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP583

RP: -> 2013-03-04 23:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP582

RP: -> 2013-03-03 01:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP581

RP: -> 2013-03-01 21:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP580

RP: -> 2013-02-28 21:02 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP579

RP: -> 2013-02-27 19:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP578

RP: -> 2013-02-26 19:34 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP577

RP: -> 2013-02-25 19:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP576

RP: -> 2013-02-24 05:50 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP575

RP: -> 2013-02-23 02:14 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP574

RP: -> 2013-02-22 00:53 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP573

RP: -> 2013-02-20 23:32 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP572

RP: -> 2013-02-18 18:09 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP571

RP: -> 2013-02-17 16:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP570

RP: -> 2013-02-16 04:41 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP569

RP: -> 2013-02-15 00:04 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP568

RP: -> 2013-02-13 23:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP567

RP: -> 2013-02-12 22:50 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP566

RP: -> 2013-02-11 22:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP565

RP: -> 2013-02-10 21:36 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP564

RP: -> 2013-02-09 18:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP563

RP: -> 2013-02-08 16:25 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP562

RP: -> 2013-02-07 11:43 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP561

RP: -> 2013-02-06 01:07 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP560

RP: -> 2013-02-05 00:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP559

RP: -> 2013-02-03 17:30 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP558

RP: -> 2013-02-02 15:34 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP557

RP: -> 2013-02-01 02:04 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP556

RP: -> 2013-01-31 00:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP555

RP: -> 2013-01-29 20:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP554

RP: -> 2013-01-29 03:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP553

RP: -> 2013-01-28 01:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP552

RP: -> 2013-01-27 01:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP551

RP: -> 2013-01-26 01:39 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP550

RP: -> 2013-01-24 23:59 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP549

RP: -> 2013-01-23 16:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP548

RP: -> 2013-01-22 01:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP547

RP: -> 2013-01-20 04:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP546

RP: -> 2013-01-19 03:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP545

RP: -> 2013-01-15 20:07 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP544

RP: -> 2013-01-14 04:29 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP543

RP: -> 2013-01-13 02:56 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP542

RP: -> 2013-01-12 02:30 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP541

RP: -> 2013-01-11 01:42 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP540

RP: -> 2013-01-09 23:58 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP539

RP: -> 2013-01-08 21:27 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP538

RP: -> 2013-01-07 21:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP537

RP: -> 2013-01-06 19:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP536

RP: -> 2013-01-06 19:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP535


==================== End Of Log ============================
  • 0

#38 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
FRST wasn't able to deal with that fix.

Do this instead.

Start your computer with the bootable flash drive. When the system has rebooted, it should display a REATOGO-X-PE desktop.
Double-click on the MBRFix icon; a command window will open.

Posted Image

In the command window, type in the following, pressing Enter after each word:

Diskpart

Select Disk 0

Select Partition 2

Active

Exit

Exit


Re-run the FRST scan and post back here.
  • 0

#39 ferhampshire (Topic Starter, Member, 29 posts)
Hello again! I was unable to follow your last instructions. The problem is that the keyboard on the infected computer is not working properly. When I try using some letters I get numbers instead, and the program doesn't allow me to copy/paste as I have been doing previously. So I'm kinda stuck.
  • 0

#40 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Outside shot, but when you open the Command Prompt, up in the top left of the window there is a little box beside the words Command Prompt. If you click on that, a drop-down box should appear; go down to Edit and another box appears with some actions you can carry out, including Paste. I wonder if you can highlight and copy the words in my last post using your mouse, and paste them using that.
  • 0

#41 ferhampshire (Topic Starter, Member, 29 posts)
Yaay! It worked :) Thank you!!! OK, here is that last log:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2012 (ATTENTION: FRST version is 120 days old)
Ran by SYSTEM at 10-04-2013 22:29:11
Running from X:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1512744 2009-05-26] (Synaptics Incorporated)
HKLM\...\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe [53248 2009-05-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [18432 2008-08-22] (Sony Electronics Inc)
HKLM\...\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [217088 2009-03-26] (Sony Corporation)
HKLM\...\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [503808 2008-07-22] (Sony Corporation)
HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [315392 2008-05-15] (Sony Corporation)
HKLM\...\Run: [VAIO Update 4] "C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe" /Stationary [866144 2008-06-11] (Sony Corporation)
HKLM\...\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [18432 2008-08-22] (Sony Electronics Inc)
HKLM\...\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-03-07] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [x]
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Marita XoXo\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Marita XoXo\...\Run: [Facebook Update] "C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
HKU\Marita XoXo\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\Marita XoXo\...\Winlogon: [Shell] explorer.exe [x]
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 24.200.241.37 24.202.72.13
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Marita XoXo\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 HitmanPro37CrusaderBoot; "C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe" /crusader:boot [9096848 2013-04-05] (SurfRight B.V.)
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 RaAutoInstSrv_AM10; C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe [529024 2010-04-15] (Cisco Consumer Products LLC)
2 Skype C2C Service; "C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3289208 2013-01-31] (Skype Technologies S.A.)
3 SOHCImp; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [120104 2009-03-25] (Sony Corporation)
3 SOHDBSvr; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-03-25] (Sony Corporation)
3 SOHDms; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe" [390440 2009-03-25] (Sony Corporation)
3 SOHDs; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe" [75048 2009-03-25] (Sony Corporation)
3 SOHPlMgr; "C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-03-25] (Sony Corporation)
2 uCamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 UTSCSI; C:\WINDOWS\system32\UTSCSI.EXE [45056 2012-12-25] ()
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-01-21] (Sony Corporation)
2 VAIO Event Service; C:\Program Files\sony\VAIO Event Service\VESMgr.exe [176128 2009-03-18] (Sony Corporation)
2 VCFw; "C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [5184872 2009-01-14] (Sony Corporation)
3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [313264 2009-01-21] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2009-01-21] (Sony Corporation)
3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]

==================== Drivers (Whitelisted) ====================

3 5U876UVC; C:\Windows\System32\DRIVERS\5U876.sys [91776 2009-04-10] (Ricoh co.,Ltd.)
3 AM10; C:\Windows\System32\DRIVERS\AM10XP.sys [816672 2010-03-23] (Ralink Technology, Corp.)
3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2009-05-14] (Creative)
3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1529600 2009-03-28] (Atheros Communications, Inc.)
3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [14336 2008-04-25] (ArcSoft, Inc.)
3 AWINDIS5; \??\C:\WINDOWS\system32\AWINDIS5.SYS [16194 2002-04-12] (AMBIT Microsystems Corporation.)
3 btaudio; C:\Windows\System32\drivers\btaudio.sys [534312 2009-06-11] (Broadcom Corporation.)
3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2009-06-11] (Broadcom Corporation.)
3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [991136 2009-06-11] (Broadcom Corporation.)
3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156816 2009-06-11] (Broadcom Corporation.)
3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [56992 2009-06-11] (Broadcom Corporation.)
3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [47272 2009-06-11] (Broadcom Corporation.)
3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows ® Server 2003 DDK provider)
3 L1c; C:\Windows\System32\DRIVERS\l1c51x86.sys [39424 2009-05-26] (Atheros Communications, Inc.)
3 MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2009-05-14] (Creative Technology Ltd.)
3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-14] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-14] (Microsoft Corporation)
3 SNC; C:\Windows\System32\Drivers\SonyNC.sys [48896 2009-03-04] (Sony Corporation)
3 sonypvs1; C:\Windows\System32\DRIVERS\sonypvs1.sys [102220 2002-10-16] (Sony Corporation)
3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-14] (Microsoft Corporation)
3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-14] (Microsoft Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [x]
4 hpn; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-07 16:26 - 2013-04-07 19:53 - 00000000 ____D C:\i386
2013-04-07 14:03 - 2013-04-07 14:03 - 00000000 ____D C:\_OTL
2013-04-07 14:03 - 2011-07-12 18:55 - 02237440 ____A (OldTimer Tools) C:\OTLPE.exe
2013-04-07 13:57 - 2013-04-07 13:52 - 331527048 ____A C:\WindowsXP-KB936929-SP3-x86-ENU.rar
2013-04-07 13:55 - 2013-04-07 10:37 - 331805736 ____A (Microsoft Corporation) C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2013-04-06 22:49 - 2013-04-08 18:42 - 00088478 ____A C:\OTL.Txt
2013-04-06 19:56 - 2013-04-06 19:56 - 00000000 ____D C:\FRST
2013-04-05 23:48 - 2013-04-05 23:48 - 00034432 ____A C:\Windows\System32\.crusader
2013-04-05 23:48 - 2013-04-05 23:48 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-04-05 23:48 - 2013-04-05 23:48 - 00000528 ____A C:\Windows\System32\bootdelete.lst
2013-04-05 23:40 - 2013-04-05 23:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-04-05 22:08 - 2013-04-05 22:09 - 09096848 ____A (SurfRight B.V.) C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
2013-04-05 22:03 - 2013-04-05 22:03 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Application Data\Malwarebytes
2013-04-05 21:37 - 2013-04-05 21:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-04-05 21:36 - 2013-04-05 21:36 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-05 21:36 - 2013-04-05 21:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-05 21:36 - 2013-04-05 21:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-04-05 21:36 - 2012-12-14 19:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-05 21:27 - 2013-04-05 21:27 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-04-05 21:26 - 2013-04-05 21:28 - 00004848 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2013-04-05 21:25 - 2013-04-05 21:25 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2013-04-05 21:25 - 2013-04-05 21:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-04-05 21:23 - 2013-04-05 21:23 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-04-05 21:23 - 2013-04-05 21:23 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-04-05 21:22 - 2013-04-05 21:22 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-04-05 21:21 - 2013-04-05 22:01 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-04-05 21:21 - 2013-04-05 21:21 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-04-05 21:21 - 2009-06-24 08:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-04-05 21:21 - 2009-06-24 08:41 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-04-05 21:21 - 2009-06-24 08:31 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-04-05 21:21 - 2009-06-24 07:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Seven Zip
2013-04-05 21:21 - 2009-06-24 07:32 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2013-04-05 21:21 - 2009-06-24 07:07 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-04-05 21:21 - 2009-06-24 06:48 - 00013104 ___AH C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-04-05 21:21 - 2009-06-24 06:46 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\TempRAID
2013-04-05 21:21 - 2009-06-24 06:46 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2013-04-05 21:21 - 2009-06-24 06:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2013-04-05 21:21 - 2009-06-24 06:26 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
2013-04-05 21:21 - 2009-06-24 06:14 - 00000000 ___HD C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
2013-04-05 21:21 - 2009-06-24 06:14 - 00000000 ____D C:\Documents and Settings\Administrator\Bluetooth Software
2013-04-05 21:21 - 2009-06-24 05:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\InstallShield
2013-04-05 21:21 - 2009-06-23 05:57 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2013-04-04 22:13 - 2013-04-04 22:13 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-04-04 22:11 - 2013-04-04 22:11 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-04-04 22:08 - 2013-04-05 19:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
2013-03-17 20:09 - 2013-03-31 16:00 - 00002265 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-03-17 20:09 - 2013-03-17 20:09 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders ========

2013-04-08 18:42 - 2013-04-06 22:49 - 00088478 ____A C:\OTL.Txt
2013-04-07 19:53 - 2013-04-07 16:26 - 00000000 ____D C:\i386
2013-04-07 14:03 - 2013-04-07 14:03 - 00000000 ____D C:\_OTL
2013-04-07 13:52 - 2013-04-07 13:57 - 331527048 ____A C:\WindowsXP-KB936929-SP3-x86-ENU.rar
2013-04-07 10:37 - 2013-04-07 13:55 - 331805736 ____A (Microsoft Corporation) C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2013-04-06 19:56 - 2013-04-06 19:56 - 00000000 ____D C:\FRST
2013-04-05 23:49 - 2009-06-23 13:10 - 00032434 ____A C:\Windows\SchedLgU.Txt
2013-04-05 23:49 - 2009-06-23 13:05 - 01886111 ____A C:\Windows\WindowsUpdate.log
2013-04-05 23:48 - 2013-04-05 23:48 - 00034432 ____A C:\Windows\System32\.crusader
2013-04-05 23:48 - 2013-04-05 23:48 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-04-05 23:48 - 2013-04-05 23:48 - 00000528 ____A C:\Windows\System32\bootdelete.lst
2013-04-05 23:48 - 2013-04-05 23:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-04-05 23:48 - 2010-01-16 16:22 - 00000178 __ASH C:\Documents and Settings\Marita XoXo\ntuser.ini
2013-04-05 23:48 - 2009-06-23 13:10 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-05 23:48 - 2009-06-23 06:00 - 00000275 ____A C:\Windows\wiadebug.log
2013-04-05 23:48 - 2009-06-23 06:00 - 00000048 ____A C:\Windows\wiaservc.log
2013-04-05 23:40 - 2009-06-23 05:57 - 00073244 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-05 23:37 - 2011-08-29 23:41 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Application Data\Skype
2013-04-05 23:36 - 2012-06-09 02:23 - 00000290 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
2013-04-05 23:36 - 2009-06-23 12:49 - 00001158 ____A C:\Windows\System32\wpa.dbl
2013-04-05 23:35 - 2010-01-16 16:22 - 00000062 __ASH C:\Documents and Settings\Marita XoXo\Local Settings\desktop.ini
2013-04-05 23:35 - 2009-06-24 06:39 - 00000000 __HDC C:\Windows\$NtUninstallKB953155$
2013-04-05 23:35 - 2009-06-23 13:10 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-04-05 23:35 - 2009-06-23 13:10 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-04-05 23:15 - 2012-06-06 22:22 - 00001022 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job
2013-04-05 22:09 - 2013-04-05 22:08 - 09096848 ____A (SurfRight B.V.) C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
2013-04-05 22:03 - 2013-04-05 22:03 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Application Data\Malwarebytes
2013-04-05 22:02 - 2010-10-15 10:53 - 00000000 __HDC C:\Windows\$NtUninstallKB2296011$
2013-04-05 22:01 - 2013-04-05 21:21 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-04-05 21:37 - 2013-04-05 21:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-04-05 21:36 - 2013-04-05 21:36 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-05 21:36 - 2013-04-05 21:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-05 21:36 - 2013-04-05 21:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-04-05 21:28 - 2013-04-05 21:26 - 00004848 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2013-04-05 21:27 - 2013-04-05 21:27 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-04-05 21:25 - 2013-04-05 21:25 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2013-04-05 21:25 - 2013-04-05 21:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-04-05 21:23 - 2013-04-05 21:23 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-04-05 21:23 - 2013-04-05 21:23 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-04-05 21:22 - 2013-04-05 21:22 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-04-05 21:21 - 2013-04-05 21:21 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-04-05 19:46 - 2012-03-01 12:20 - 00008192 _ASHC C:\Windows\Thumbs.db
2013-04-05 19:45 - 2013-04-04 22:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
2013-04-05 19:41 - 2013-02-20 16:38 - 00011718 ____A C:\Windows\setupapi.log
2013-04-04 22:15 - 2012-01-31 16:14 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Desktop\Fer...!
2013-04-04 22:13 - 2013-04-04 22:13 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-04-04 22:11 - 2013-04-04 22:11 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-04-04 22:07 - 2010-01-16 16:22 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Application Data\Adobe
2013-04-04 21:07 - 2012-04-26 00:16 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Application Data\vlc
2013-04-04 20:51 - 2010-01-20 02:44 - 00194048 ____A C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-02 17:00 - 2012-06-09 02:23 - 00000298 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
2013-04-01 19:52 - 2011-06-16 14:41 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-03-31 16:00 - 2013-03-17 20:09 - 00002265 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-03-28 08:15 - 2012-06-06 22:22 - 00001000 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
2013-03-25 01:36 - 2013-03-03 17:55 - 00352568 ____A C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-03-23 14:45 - 2009-06-23 13:03 - 00047151 ___AC C:\Windows\wmsetup.log
2013-03-22 03:45 - 2010-01-20 02:02 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Tracing
2013-03-21 22:26 - 2012-05-03 03:03 - 00693976 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-03-21 22:26 - 2012-02-07 16:06 - 00073432 ___AC (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-03-19 12:19 - 2010-01-20 02:16 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-03-17 20:09 - 2013-03-17 20:09 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-03-17 20:09 - 2012-10-22 22:18 - 00000000 ___RD C:\Program Files\Skype
2013-03-17 20:09 - 2011-08-29 23:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-03-12 23:25 - 2012-05-09 00:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-04-05 20:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP610

RP: -> 2013-04-04 19:12 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP609

RP: -> 2013-04-03 17:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP608

RP: -> 2013-04-02 02:22 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP607

RP: -> 2013-04-01 00:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP606

RP: -> 2013-03-30 19:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP605

RP: -> 2013-03-29 15:26 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP604

RP: -> 2013-03-28 04:50 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP603

RP: -> 2013-03-26 20:02 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP602

RP: -> 2013-03-25 19:33 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP601

RP: -> 2013-03-24 19:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP600

RP: -> 2013-03-23 02:32 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP599

RP: -> 2013-03-22 00:59 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP598

RP: -> 2013-03-20 20:43 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP597

RP: -> 2013-03-19 20:02 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP596

RP: -> 2013-03-18 19:01 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP595

RP: -> 2013-03-17 18:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP594

RP: -> 2013-03-16 18:25 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP593

RP: -> 2013-03-15 18:01 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP592

RP: -> 2013-03-14 17:59 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP591

RP: -> 2013-03-13 14:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP590

RP: -> 2013-03-12 14:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP589

RP: -> 2013-03-11 05:11 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP588

RP: -> 2013-03-10 05:04 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP587

RP: -> 2013-03-09 02:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP586

RP: -> 2013-03-08 01:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP585

RP: -> 2013-03-07 01:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP584

RP: -> 2013-03-06 01:12 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP583

RP: -> 2013-03-04 23:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP582

RP: -> 2013-03-03 01:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP581

RP: -> 2013-03-01 21:37 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP580

RP: -> 2013-02-28 21:02 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP579

RP: -> 2013-02-27 19:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP578

RP: -> 2013-02-26 19:34 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP577

RP: -> 2013-02-25 19:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP576

RP: -> 2013-02-24 05:50 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP575

RP: -> 2013-02-23 02:14 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP574

RP: -> 2013-02-22 00:53 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP573

RP: -> 2013-02-20 23:32 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP572

RP: -> 2013-02-18 18:09 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP571

RP: -> 2013-02-17 16:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP570

RP: -> 2013-02-16 04:41 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP569

RP: -> 2013-02-15 00:04 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP568

RP: -> 2013-02-13 23:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP567

RP: -> 2013-02-12 22:50 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP566

RP: -> 2013-02-11 22:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP565

RP: -> 2013-02-10 21:36 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP564

RP: -> 2013-02-09 18:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP563

RP: -> 2013-02-08 16:25 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP562

RP: -> 2013-02-07 11:43 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP561

RP: -> 2013-02-06 01:07 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP560

RP: -> 2013-02-05 00:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP559

RP: -> 2013-02-03 17:30 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP558

RP: -> 2013-02-02 15:34 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP557

RP: -> 2013-02-01 02:04 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP556

RP: -> 2013-01-31 00:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP555

RP: -> 2013-01-29 20:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP554

RP: -> 2013-01-29 03:06 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP553

RP: -> 2013-01-28 01:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP552

RP: -> 2013-01-27 01:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP551

RP: -> 2013-01-26 01:39 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP550

RP: -> 2013-01-24 23:59 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP549

RP: -> 2013-01-23 16:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP548

RP: -> 2013-01-22 01:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP547

RP: -> 2013-01-20 04:49 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP546

RP: -> 2013-01-19 03:51 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP545

RP: -> 2013-01-15 20:07 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP544

RP: -> 2013-01-14 04:29 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP543

RP: -> 2013-01-13 02:56 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP542

RP: -> 2013-01-12 02:30 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP541

RP: -> 2013-01-11 01:42 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP540

RP: -> 2013-01-09 23:58 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP539

RP: -> 2013-01-08 21:27 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP538

RP: -> 2013-01-07 21:17 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP537

RP: -> 2013-01-06 19:52 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP536

RP: -> 2013-01-06 19:20 - 024576 _restore{A7DB428C-8EFC-4BF4-B34E-EAAE9CAA90E8}\RP535


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 1014.36 MB
Available physical RAM: 802.98 MB
Total Pagefile: 901.89 MB
Available Pagefile: 821.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.98 MB

==================== Partitions =============================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:141.05 GB) (Free:35.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive x: (ReatogoPE) (Removable) (Total:7.45 GB) (Free:7.11 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 8190 MB 1024 KB
Partition 2 Primary 141 GB 8191 MB
Partition 3 Unknown 848 KB 149 GB
=========================================================

Disk: 0
Partition 1
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 NTFS Partition 8190 MB Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 141 GB Healthy
=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Partition 1024 KB Healthy
=========================================================
==================== End Of Log ============================
  • 0

#42
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Brilliant, well done. :thumbsup:

Now for the next action.

Start your computer with the bootable flash drive. When the system has rebooted your system should now display a REATOGO-X-PE desktop.
Double-click the MBRFix icon; a command window will open.


Use the same approach you did last time to paste in the following and press enter:

MbrFix /drive 0 /partition 2 setactivepartition

Try and reboot normally into your computer.
  • 0

#43
ferhampshire

ferhampshire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
OMG!! It works!!!! At first I got a blue screen saying something about HitmanPro but then it went into my Desktop! All my data is there and it worked perfectly! THANK YOU SOOO MUCH!!!!!
  • 0

#44
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Excellent. :)

Couple of things.

While it is now inactive there is still infection in one of the partitions. It can't do anything while the partition is inactive but we should remove it.

Also we should run a couple of tools to check for any leftover infection elsewhere.

Further, please uninstall HitmanPro.

Now

I think before we go any further you should back up your essential documents.

After that

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.

Post the log (Result.txt) in your next reply.
  • 0

#45
ferhampshire

ferhampshire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
For some reason HitmanPro wasn't installed, I only had the icon on the Desktop and after running a full PC search I only found 2 files, which I deleted :) I did the last steps and here is the log:



ListParts by Farbar Version: 10-03-2013
Ran by Marita XoXo (administrator) on 11-04-2013 at 02:41:09
Windows XP (X86)
Running From: C:\Documents and Settings\Marita XoXo\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 76%
Total physical RAM: 1014.36 MB
Available physical RAM: 237.5 MB
Total Pagefile: 2441.57 MB
Available Pagefile: 1792.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.17 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:141.05 GB) (Free:35.42 GB) NTFS ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 8190 MB 1024 KB
Partition 2 Primary 141 GB 8191 MB
Partition 3 Unknown 848 KB 149 GB
======================================================================================================

Disk: 0
Partition 1
Type : 12
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 141 GB Healthy System (partition with boot components)
======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.
======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 497E6F38

Partition 1:
===========
Hex: 0020210012FEFFFF0008000000F0FF00
Active: NO
Type: 12
Size: 8 GB

Partition 2:
===========
Hex: 8034E1FF0735F4FF00F8FF0000A0A111
Active: YES
Type: 07 (NTFS)
Size: 141 GB

Partition 3:
===========
Hex: 0035F5FF1750EFFF0098A112A0060000
Active: NO
Type: 17
Size: 848 KB
ATTENTION ===> Suspicious partition bootkit on partition 3


****** End Of Log ******
  • 0
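What the two steps above actually operate on is the 64-byte partition table at the end of the MBR: the three "Hex:" lines ListParts printed are the raw 16-byte entries, and the setactivepartition command in post #42 only rewrites the first byte of one of them. The following script is an added example written for this thread; it is not code from the original posts and not part of Farbar's or MbrFix's tools. It decodes the three entries exactly as printed above (the fourth, empty slot is constructed as zeros, and the 446 bytes of boot code are constructed filler), reproduces the offsets and sizes ListParts reported, flags the 848 KB hidden type 0x17 entry, and shows the boot-flag rewrite the MBRFix step performs. The 64 MB "tiny hidden NTFS" threshold is my own heuristic, and the 1-based partition numbering is an assumption that matches the ListParts output, not a statement about the tool's command line.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446                 # the 4 x 16-byte partition table starts here
MBR_SIGNATURE = b"\x55\xAA"        # bytes 510-511 of a valid MBR

# The three entries exactly as ListParts printed them in the post above; the
# fourth slot is empty on this disk, so it is constructed here as all zeros.
PAGE_ENTRIES_HEX = [
    "0020210012FEFFFF0008000000F0FF00",   # Partition 1: type 12, OEM recovery
    "8034E1FF0735F4FF00F8FF0000A0A111",   # Partition 2: type 07, C:, active
    "0035F5FF1750EFFF0098A112A0060000",   # Partition 3: type 17, 848 KB, hidden
    "00" * 16,                            # Partition 4: unused (constructed)
]

# Standard MBR type IDs that appear on this disk.
PART_TYPES = {0x07: "IFS (NTFS)", 0x12: "OEM recovery/diagnostic", 0x17: "hidden IFS (NTFS)"}

# My own threshold, not something ListParts uses: a hidden NTFS partition this
# small cannot be a file system anyone created on purpose.
TINY_HIDDEN_LIMIT = 64 * 1024 * 1024


def build_mbr(entries_hex, boot_code=b"\x00" * TABLE_OFFSET):
    """Assemble a 512-byte MBR from four entry hex strings (boot code is constructed filler)."""
    table = b"".join(bytes.fromhex(h) for h in entries_hex)
    if len(boot_code) != TABLE_OFFSET or len(table) != 64:
        raise ValueError("MBR needs 446 bytes of boot code and a 4 x 16-byte table")
    return boot_code + table + MBR_SIGNATURE


def parse_entry(raw):
    """Decode one 16-byte entry: boot flag, CHS start, type, CHS end, LBA start, sector count (CHS ignored)."""
    boot, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack("<B3sB3sII", raw)
    return {
        "boot_byte": boot,
        "active": boot == 0x80,
        "type": ptype,
        "type_name": PART_TYPES.get(ptype, "unknown"),
        "lba_start": lba_start,
        "sectors": sectors,
        "offset_bytes": lba_start * SECTOR,
        "size_bytes": sectors * SECTOR,
        "empty": ptype == 0 and sectors == 0,
    }


def parse_mbr(mbr):
    """Check the 0x55AA signature and return the four decoded entries in table order."""
    if len(mbr) != SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not a valid MBR: wrong length or missing 0x55AA signature")
    table = mbr[TABLE_OFFSET:TABLE_OFFSET + 64]
    return [parse_entry(table[i:i + 16]) for i in range(0, 64, 16)]


def check_partitions(entries):
    """Triage findings: bad boot bytes, wrong number of active entries, overlaps, tiny hidden NTFS."""
    findings = []
    used = [(n, e) for n, e in enumerate(entries, start=1) if not e["empty"]]
    for n, e in used:
        if e["boot_byte"] not in (0x00, 0x80):
            findings.append(f"partition {n}: invalid boot indicator 0x{e['boot_byte']:02X}")
        if e["type"] == 0x17 and e["size_bytes"] < TINY_HIDDEN_LIMIT:
            findings.append(f"partition {n}: hidden NTFS of only {e['size_bytes'] // 1024} KB (bootkit pattern)")
    active = [n for n, e in used if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    by_start = sorted(used, key=lambda item: item[1]["lba_start"])
    for (n, a), (m, b) in zip(by_start, by_start[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {n} and {m} overlap")
    return findings


def set_active_partition(mbr, partition_number):
    """The table change behind the setactivepartition step: 0x80 on one entry, 0x00 on the other three.
    Assumes 1-based numbering, matching the ListParts output (an assumption about the tool's CLI)."""
    if not 1 <= partition_number <= 4:
        raise ValueError("partition number must be 1-4")
    out = bytearray(mbr)
    for i in range(4):
        out[TABLE_OFFSET + 16 * i] = 0x80 if i + 1 == partition_number else 0x00
    return bytes(out)


if __name__ == "__main__":
    disk = build_mbr(PAGE_ENTRIES_HEX)
    for n, e in enumerate(parse_mbr(disk), start=1):
        if not e["empty"]:
            print(f"Partition {n}: type {e['type']:02X} ({e['type_name']}), active={e['active']}, "
                  f"offset {e['offset_bytes'] // 1024} KB, size {e['size_bytes'] // 1024} KB")
    for line in check_partitions(parse_mbr(disk)):
        print("FINDING:", line)
```

Run as-is it prints the three partitions with the same 1024 KB / 8191 MB offsets and 8190 MB / 141 GB / 848 KB sizes ListParts showed, plus the one finding for the hidden type 0x17 entry. Clearing the boot byte of the second entry reproduces the "no active partition" state that stopped the laptop from booting, and set_active_partition(..., 2) is the byte-level equivalent of the MbrFix command. Note that the check only reads the table; removing the bootkit partition itself is a separate step, as emeraldnzl says.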