
Rootkit infection in SYSTEM (PID 4) [Solved]


  • This topic is locked

#1
stemoc

    Member

  • Member
  • 19 posts
Hi, there is some sort of rootkit infection in my PC. I assume it's a rootkit because it's manipulating data on my PC while hidden. I detected its presence in the Resource Monitor in February and have been trying to remove it since, with no success.

I have already run scans with:
* ComboFix can't find it
* MBAR couldn't find anything
* TDSSKiller also found nothing
* RootRepeal failed (crashed after starting)
* RootkitBuster failed after starting too
* McAfee's rootkit remover failed too
* RogueKiller couldn't find it
* Spybot S&D couldn't find it
* BitDefender crashed
* SpyDll failed
* RootkitUnhooker crashes
* VundoFix finds nothing
* SmitfraudFix finds nothing
* Show-hidden can't find it


I ran a few other checks, such as:
* runscanner
* unhide
* dds

Posted Image
The image above shows the virus (-) manipulating ComboFix's catchme tool as it was doing a search for the virus. It does this to every scanner I run. The virus itself runs under SYSTEM (PID 4).


Yesterday I ran MBAM Pro (Malwarebytes Anti-Malware) and it didn't detect it either, due to the virus being able to manipulate the "services" of the scanners, just like it does to EVERY scanner I've run... but one thing I found weird was that it GREYED out one of the sections, which had the option for MBAM to "protect system files", preventing me from selecting that option. The virus also keeps changing permissions on my folders and other files, such as changing permissions for Chrome, which prevents me from using my browser, etc.

Reading the comments, it looks like I have nothing because all the BEST scanners in the world can't find it... but you are not in my position, so you wouldn't know what I go through. I have a bad infection and no one has been able to help me up till now.

What I think it may be:
* A hidden virus with administrator rights which manipulates the registry and system files
* A system file replaced by the virus
* A rootkit that injects a DLL into every program I run, be it a scanner or just Notepad


This virus is too strong, so unless someone can tell me a way to remove its power of controlling all programs, I may not be able to remove it.

NOTE: I cannot provide you the logs for OTL as it freezes within 5 seconds every time I run it.

Edited by stemoc, 21 April 2013 - 07:42 PM.




#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, a challenge. Roll it on. What is your operating system, and is it 32 or 64 bit?
Also, do you have access to another computer where we can burn a USB for use on the infected system?

#3
stemoc

    Member

  • Topic Starter
  • Member
  • 19 posts
Sorry about that. It's Windows Vista SP0, 32-bit. I do have a laptop, which I refuse to connect to the PC or use with anything that has been on the PC, for safety reasons.

BTW, my system is old, so it doesn't allow booting from a USB (Acer Veriton 5500G with Award BIOS 6.00, 1.8 GHz processor speed and 1.5 GB RAM).

To add more, the virus runs in safe mode too, and sfc can't be used to repair the damaged/corrupted files because it prevents it from doing a full clean search. Again, since the virus seems to have admin rights, it can control ANY program that runs as a service and manipulate it to prevent itself from being found. I have also done an MBR reset many times, to no avail. A few scanners have come close to finding it, but just as they seem to be doing so, the hidden process takes control of their PID, writes a certain number of kilobytes of data and then leaves control of that PID. The first few times I saw it, I was shocked; for a moment I thought it was an actual person doing it remotely, so I disabled the net and tried it many, many times with the same outcome. The most data it has written to a scanner was about 800 KB, to RogueKiller, which I chose to scan for "Check FAKED" files, as you can see in the image below.
Posted Image

It's a very persistent virus, probably one of the worst you have seen. It's probably so new that it doesn't even have a name, so it might be hard to actually solve this in a few days...

Using Process Explorer, I can find it running as a process type on multiple services, but it's known as "Access is denied."

Some of the services it has access to/control of as a process type "Access is denied." are:
* smss
* csrss
* lsass
* lsm
* svchost
* audiodg
* SLsvc
* dwm.exe

The rest it controls from time to time. Sometimes when I open Notepad, it takes control of "explorer.exe" and probably tries to read what I'm reading. Sometimes when I do a search for something online and the site it goes to is either Microsoft or some other malware-related site, it takes control of firefox.exe and tries to "read". Has anyone ever come across such a virus?

Posted Image
Winlogon being controlled by a "<Non-Existent Process>"; about 4 other services are controlled by this with different PIDs:

Wininit.exe (408)
Explorer.EXE (1656)
csrss.exe (460)
csrss.exe (408)
taskmgr.exe (3660)

Here is how Process Hacker sees the virus in the disk section, as "\FI_Unknown":
Posted Image

Edited by stemoc, 23 April 2013 - 12:20 AM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's work from a CD then :)

Please print these instructions out so that you know what you are doing.

  • Download OTLPENet.exe to your desktop.
  • Download Farbar Recovery Scan Tool and save it to the CD after OTLPE has burnt.
  • Ensure that you have a blank CD in the drive.
  • Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note: as you are running from CD, it is not exactly speedy.
  • Locate FRST on the CD and run it.
  • The tool will start to run.
    Posted Image
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

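Post #4 asks for an FRST.txt log to be pasted back, and the first thing a helper does with one is read the Services and Drivers sections for entries worth a second look. As an added example for readers (not code from this thread, and not FRST's own code), here is a small Python triage script for those sections, in the line shape the logs posted in this thread use. The sample lines are copied from the log posted later in this thread; reading the leading digit as the registry Start value, and C:\Windows as the Windows directory, are assumptions. The prompts it raises are review hints, not verdicts: a legitimate third-party driver can trip every one of them.

```python
"""Triage helper for the Services/Drivers sections of a Farbar Recovery Scan
Tool (FRST) log.  Example code for this thread; not part of FRST, and other
FRST versions may format lines differently.  Line shape assumed:
    <start> <name>; <image path and arguments> [<size> <yyyy-mm-dd>] (<publisher>)
"""
import re
from dataclasses import dataclass, field

# Assumption: the leading digit is the registry 'Start' value of the
# service/driver key (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

ENTRY_RE = re.compile(
    r"^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<image>.*?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<publisher>.*)\)\s*$"
)
# The first .exe/.dll/.sys token ends the path; anything after it is arguments.
BINARY_RE = re.compile(r"^(?P<path>.*?\.(?:exe|dll|sys))(?:\s|$)", re.IGNORECASE)


@dataclass
class Entry:
    start: int
    name: str
    image: str          # raw image string, arguments included
    path: str           # binary path with quotes and the \??\ prefix stripped
    size: int
    date: str
    publisher: str
    findings: list = field(default_factory=list)


def extract_path(image: str) -> str:
    """Pull the binary path out of an ImagePath-style string."""
    image = image.strip()
    if image.startswith("\\??\\"):       # NT object-manager prefix (see cpudrv)
        image = image[4:]
    if image.startswith('"'):           # quoted path, arguments may follow
        end = image.find('"', 1)
        return image[1:end] if end > 0 else image[1:]
    m = BINARY_RE.match(image)
    return m.group("path") if m else image.split(" ")[0]


def parse_entry(line: str):
    """Return an Entry for a service/driver line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(start=int(m.group("start")), name=m.group("name").strip(),
                 image=m.group("image"), path=extract_path(m.group("image")),
                 size=int(m.group("size")), date=m.group("date"),
                 publisher=m.group("publisher").strip())


def triage_entry(e: Entry, windows_dir: str = "C:\\Windows") -> Entry:
    """Attach review prompts (hints for the helper, not verdicts)."""
    low = e.path.lower()
    win = windows_dir.lower().rstrip("\\") + "\\"
    if not e.publisher:
        e.findings.append("no publisher recorded")
    if not re.match(r"^[a-z]:\\", low):
        e.findings.append("path is not absolute")
    elif not low.startswith(win):
        e.findings.append("image outside the Windows directory")
    if e.start in (0, 1) and "microsoft" not in e.publisher.lower():
        e.findings.append("early-start (boot/system) non-Microsoft driver")
    return e


def triage_log(text: str, windows_dir: str = "C:\\Windows") -> list:
    """Parse every service/driver line; return entries with prompts, in log order."""
    flagged = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None and triage_entry(e, windows_dir).findings:
            flagged.append(e)
    return flagged


# Sample input: lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
==================== Services =========================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22016 2006-11-02] (Microsoft Corporation)
4 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [376832 2006-11-02] (Microsoft Corporation)

==================== Drivers ===============================

0 ACPI; C:\Windows\System32\drivers\acpi.sys [255592 2006-11-02] (Microsoft Corporation)
0 AVG Anti-Rootkit; C:\Windows\System32\DRIVERS\avgarkt.sys [5632 2007-01-31] (GRISOFT, s.r.o.)
3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-01] ()
3 ERmvrDrv; \??\C:\Windows\system32\drivers\ERKRmvrDrv.sys [31424 2013-04-06] ()
2 NetProbe; C:\Windows\System32\DRIVERS\netprobe.sys [5365 2009-03-23] ()
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{START_TYPES.get(e.start, e.start):8} {e.name:22} {e.path}")
        for f in e.findings:
            print(f"         - {f}")
```

Run on the sample, it lists six of the eight entries: the two with no publisher under Program Files or a `\??\` path, the relative `winhttp.dll` image, the boot-start AVG driver, and the other unpublished drivers; Eventlog and ACPI pass quietly. The point of the `windows_dir` parameter is that FRST run from a boot CD reports the offline Windows drive, which need not be C:.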

#5
stemoc

    Member

  • Topic Starter
  • Member
  • 19 posts
I have limited Internet access, so I can't actually download tools that are over 100 MB, as internet in my country is very expensive. I have already tried the Farbar idea using the Vista installation disk, but as I said on another forum, the virus has control of the PC during this as well. This is my last FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 27 days old)
Ran by SYSTEM at 09-04-2013 16:28:15
Running from E:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry ================================

HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1232896 2010-07-18] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2159104 2006-11-02] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1232896 2010-07-18] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2159104 2006-11-02] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [24576 2006-11-02] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] Explorer.exe [2923520 2006-11-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 183.81.133.151
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli

============== Services =========================

2 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [24576 2006-11-02] (Microsoft Corporation)
3 ALG; C:\Windows\System32\alg.exe [58880 2006-11-02] (Microsoft Corporation)
3 Appinfo; C:\Windows\System32\appinfo.dll [33280 2006-11-02] (Microsoft Corporation)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [310272 2006-11-02] (Microsoft Corporation)
2 Audiosrv; C:\Windows\System32\Audiosrv.dll [310272 2006-11-02] (Microsoft Corporation)
2 BFE; C:\Windows\System32\bfe.dll [317440 2006-11-02] (Microsoft Corporation)
3 BITS; C:\Windows\System32\qmgr.dll [750080 2010-07-18] (Microsoft Corporation)
2 Browser; C:\Windows\System32\browser.dll [81408 2006-11-02] (Microsoft Corporation)
3 CertPropSvc; C:\Windows\System32\certprop.dll [39936 2006-11-02] (Microsoft Corporation)
3 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [59392 2006-11-01] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [7168 2006-11-02] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [123392 2006-11-02] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [545792 2006-11-02] (Microsoft Corporation)
3 DFSR; C:\Windows\System32\DFSR.exe [2089984 2006-11-02] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [204800 2006-11-02] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [83968 2006-11-02] (Microsoft Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [146944 2006-11-02] (Microsoft Corporation)
2 DPS; C:\Windows\System32\dps.dll [134656 2006-11-02] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [34816 2006-11-02] (Microsoft Corporation)
4 ehRecvr; C:\Windows\ehome\ehRecvr.exe [291840 2006-11-02] (Microsoft Corporation)
4 ehSched; C:\Windows\ehome\ehsched.exe [131072 2006-11-02] (Microsoft Corporation)
4 ehstart; C:\Windows\ehome\ehstart.dll [13312 2006-11-02] (Microsoft Corporation)
3 EMDMgmt; C:\Windows\System32\emdmgmt.dll [560640 2006-11-02] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22016 2006-11-02] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [259584 2006-11-02] (Microsoft Corporation)
3 fdPHost; C:\Windows\System32\fdPHost.dll [12800 2006-11-02] (Microsoft Corporation)
2 FDResPub; C:\Windows\System32\fdrespub.dll [27648 2006-11-02] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [36864 2006-11-02] (Microsoft Corporation)
2 gpsvc; C:\Windows\System32\gpsvc.dll [569344 2006-11-02] (Microsoft Corporation)
2 hidserv; C:\Windows\System32\hidserv.dll [25600 2006-11-02] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [69120 2006-11-02] (Microsoft Corporation)
4 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
4 idsvc; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [741376 2006-11-02] (Microsoft Corporation)
2 IKEEXT; C:\Windows\System32\ikeext.dll [416768 2006-11-02] (Microsoft Corporation)
4 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [878592 2006-01-15] (Nero AG)
3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [74240 2006-11-02] (Microsoft Corporation)
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [177664 2006-11-02] (Microsoft Corporation)
3 KeyIso; C:\Windows\System32\lsass.exe [7680 2012-02-17] (Microsoft Corporation)
2 KtmRm; C:\Windows\System32\msdtckrm.dll [284672 2006-11-02] (Microsoft Corporation)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [121344 2006-11-02] (Microsoft Corporation)
3 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [156160 2006-11-02] (Microsoft Corporation)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [188416 2006-11-02] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [18944 2006-11-02] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [51712 2006-11-02] (Microsoft Corporation)
3 MMCSS; C:\Windows\System32\mmcss.dll [45056 2006-11-02] (Microsoft Corporation)
2 MpsSvc; C:\Windows\System32\mpssvc.dll [395264 2006-11-02] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [106496 2006-11-02] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [111104 2006-11-02] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [71680 2006-11-02] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [277504 2006-11-02] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [7680 2012-02-17] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [273920 2006-11-02] (Microsoft Corporation)
3 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator [122880 2006-11-02] (Microsoft Corporation)
3 NetPipeActivator; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [122880 2006-11-02] (Microsoft Corporation)
2 netprofm; C:\Windows\System32\netprofm.dll [235520 2006-11-02] (Microsoft Corporation)
3 NetTcpActivator; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [122880 2006-11-02] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [122880 2006-11-02] (Microsoft Corporation)
3 NlaSvc; C:\Windows\System32\nlasvc.dll [171520 2006-11-02] (Microsoft Corporation)
3 nsi; C:\Windows\System32\nsisvc.dll [18432 2006-11-02] (Microsoft Corporation)
2 nvsvc; C:\Windows\System32\nvvsvc.exe [129640 2010-04-02] (NVIDIA Corporation)
3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441136 2006-10-25] (Microsoft Corporation)
3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-25] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\p2psvc.dll [656384 2006-11-02] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [656384 2006-11-02] (Microsoft Corporation)
2 PcaSvc; C:\Windows\System32\pcasvc.dll [37888 2006-11-02] (Microsoft Corporation)
3 pla; C:\Windows\System32\pla.dll [1499136 2006-11-02] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [221696 2012-02-17] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\System32\p2psvc.dll [656384 2006-11-02] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\p2psvc.dll [656384 2006-11-02] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [361984 2006-11-02] (Microsoft Corporation)
2 ProfSvc; C:\Windows\System32\profsvc.dll [152576 2006-11-02] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [7680 2012-02-17] (Microsoft Corporation)
3 QWAVE; C:\Windows\system32\qwave.dll [242176 2006-11-02] (Microsoft Corporation)
4 RasAuto; C:\Windows\System32\rasauto.dll [90624 2006-11-02] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [234496 2006-11-02] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [65536 2006-11-02] (Microsoft Corporation)
3 RemoteRegistry; C:\Windows\System32\regsvc.dll [105984 2006-11-02] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [7680 2006-11-02] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [545792 2006-11-02] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [7680 2012-02-17] (Microsoft Corporation)
3 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [75496 2010-07-04] (tzuk)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [95232 2006-11-02] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [595456 2012-02-17] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [39936 2006-11-02] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [102912 2006-11-02] (Microsoft Corporation)
3 seclogon; C:\Windows\system32\seclogon.dll [19968 2006-11-02] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [47104 2006-11-02] (Microsoft Corporation)
3 SessionEnv; C:\Windows\System32\sessenv.dll [92160 2006-11-02] (Microsoft Corporation)
4 SharedAccess; C:\Windows\System32\ipnathlp.dll [286720 2006-11-02] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [245248 2006-11-02] (Microsoft Corporation)
2 simptcp; C:\Windows\System32\tcpsvcs.exe [9728 2006-11-02] (Microsoft Corporation)
2 slsvc; C:\Windows\System32\SLsvc.exe [2592256 2006-11-02] (Microsoft Corporation)
3 SLUINotify; C:\Windows\System32\SLUINotify.dll [57344 2006-11-02] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2006-11-02] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [124928 2006-11-02] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [155136 2006-11-02] (Microsoft Corporation)
2 stisvc; C:\Windows\System32\wiaservc.dll [451584 2006-11-02] (Microsoft Corporation)
3 swprv; C:\Windows\System32\swprv.dll [292864 2006-11-02] (Microsoft Corporation)
2 SysMain; C:\Windows\System32\sysmain.dll [540672 2006-11-02] (Microsoft Corporation)
4 TabletInputService; C:\Windows\System32\TabSvc.dll [68096 2006-11-02] (Microsoft Corporation)
2 TapiSrv; C:\Windows\System32\tapisrv.dll [242688 2006-11-02] (Microsoft Corporation)
3 TBS; C:\Windows\System32\tbssvc.dll [54784 2006-11-02] (Microsoft Corporation)
2 TermService; C:\Windows\System32\termsrv.dll [427520 2006-11-02] (Microsoft Corporation)
2 Themes; C:\Windows\System32\shsvcs.dll [245248 2006-11-02] (Microsoft Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [45056 2006-11-02] (Microsoft Corporation)
3 TrkWks; C:\Windows\System32\trkwks.dll [75264 2006-11-02] (Microsoft Corporation)
3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [27136 2012-02-17] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [35840 2006-11-02] (Microsoft Corporation)
2 upnphost; C:\Windows\System32\upnphost.dll [259072 2006-11-02] (Microsoft Corporation)
2 UxSms; C:\Windows\System32\uxsms.dll [28672 2006-11-02] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [392704 2006-11-02] (Microsoft Corporation)
4 VMCService; "C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe" [9216 2009-09-17] (Vodafone)
3 VSS; C:\Windows\System32\vssvc.exe [924160 2006-11-02] (Microsoft Corporation)
2 W32Time; C:\Windows\System32\w32time.dll [270848 2006-11-02] (Microsoft Corporation)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [322560 2011-04-02] (Microsoft Corporation)
3 WAS; C:\Windows\system32\inetsrv\iisw3adm.dll [322560 2011-04-02] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [249344 2006-11-02] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32256 2006-11-02] (Microsoft Corporation)
2 WdiServiceHost; C:\Windows\System32\wdi.dll [74240 2006-11-02] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [74240 2006-11-02] (Microsoft Corporation)
4 WebClient; C:\Windows\System32\webclnt.dll [194048 2006-11-02] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [152576 2006-11-02] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [63488 2006-11-02] (Microsoft Corporation)
3 WerSvc; C:\Windows\System32\WerSvc.dll [127488 2006-11-02] (Microsoft Corporation)
3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [263272 2006-11-02] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [376832 2006-11-02] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [161280 2006-11-02] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [450048 2006-11-02] (Microsoft Corporation)
4 Wlansvc; C:\Windows\System32\wlansvc.dll [502784 2006-11-02] (Microsoft Corporation)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [137216 2006-11-02] (Microsoft Corporation)
4 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [895488 2006-11-02] (Microsoft Corporation)
4 WPCSvc; C:\Windows\System32\wpcsvc.dll [141824 2006-11-02] (Microsoft Corporation)
2 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [70144 2006-11-02] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [52224 2006-11-02] (Microsoft Corporation)
4 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [287744 2006-11-02] (Microsoft Corporation)
4 wuauserv; C:\Windows\System32\wuaueng.dll [1929952 2010-07-18] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [55296 2006-11-02] (Microsoft Corporation)

==================== Drivers ===============================

3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-01] (Intel Corporation)
0 ACPI; C:\Windows\System32\drivers\acpi.sys [255592 2006-11-02] (Microsoft Corporation)
4 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [420968 2006-11-02] (Adaptec, Inc.)
4 adpahci; C:\Windows\system32\drivers\adpahci.sys [297576 2006-11-02] (Adaptec, Inc.)
4 adpu160m; C:\Windows\system32\drivers\adpu160m.sys [98408 2006-11-02] (Adaptec, Inc.)
4 adpu320; C:\Windows\system32\drivers\adpu320.sys [147048 2006-11-02] (Adaptec, Inc.)
1 AFD; C:\Windows\system32\drivers\afd.sys [270336 2006-11-02] (Microsoft Corporation)
0 agp440; C:\Windows\System32\DRIVERS\agp440.sys [53864 2006-11-02] (Microsoft Corporation)
4 aic78xx; C:\Windows\system32\drivers\djsvs.sys [71272 2006-11-02] (Adaptec, Inc.)
4 aliide; C:\Windows\system32\drivers\aliide.sys [14952 2006-11-02] (Acer Laboratories Inc.)
3 amdagp; C:\Windows\system32\drivers\amdagp.sys [54888 2006-11-02] (Microsoft Corporation)
4 amdide; C:\Windows\system32\drivers\amdide.sys [15464 2006-11-02] (Microsoft Corporation)
4 AmdK7; C:\Windows\system32\drivers\amdk7.sys [38912 2006-11-02] (Microsoft Corporation)
4 AmdK8; C:\Windows\system32\drivers\amdk8.sys [40960 2006-11-02] (Microsoft Corporation)
3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108104 2010-12-01] (SlySoft, Inc.)
4 arc; C:\Windows\system32\drivers\arc.sys [67688 2006-11-02] (Adaptec, Inc.)
4 arcsas; C:\Windows\system32\drivers\arcsas.sys [67688 2006-11-02] (Adaptec, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17408 2006-11-02] (Microsoft Corporation)
0 atapi; C:\Windows\System32\drivers\atapi.sys [19048 2006-11-02] (Microsoft Corporation)
0 AVG Anti-Rootkit; C:\Windows\System32\DRIVERS\avgarkt.sys [5632 2007-01-31] (GRISOFT, s.r.o.)
1 AvgArCln; C:\Windows\System32\DRIVERS\AvgArCln.sys [3968 2007-01-18] (GRISOFT, s.r.o.)
3 basic2; C:\Windows\System32\DRIVERS\basic2.sys [82770 2001-10-15] (Conexant Systems)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [6144 2006-11-02] (Microsoft Corporation)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2006-11-02] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [13568 2006-11-02] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\system32\drivers\brfiltup.sys [5248 2006-11-02] (Brother Industries, Ltd.)
4 Brserid; C:\Windows\system32\drivers\brserid.sys [71808 2006-11-02] (Brother Industries Ltd.)
4 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [62336 2006-11-02] (Brother Industries Ltd.)
4 BrUsbMdm; C:\Windows\system32\drivers\brusbmdm.sys [12160 2006-11-02] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\system32\drivers\brusbser.sys [11904 2006-11-02] (Brother Industries Ltd.)
4 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [39936 2006-11-02] (Microsoft Corporation)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70144 2006-11-02] (Microsoft Corporation)
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [67072 2006-11-02] (Microsoft Corporation)
4 circlass; C:\Windows\system32\drivers\circlass.sys [35328 2006-11-02] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [224824 2012-02-17] (Microsoft Corporation)
4 cmdide; C:\Windows\system32\drivers\cmdide.sys [16488 2006-11-02] (CMD Technology, Inc.)
4 Compbatt; C:\Windows\system32\drivers\compbatt.sys [18280 2006-11-02] (Microsoft Corporation)
3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-01] ()
0 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [22632 2006-11-02] (Microsoft Corporation)
4 Crusoe; C:\Windows\system32\drivers\crusoe.sys [38912 2006-11-02] (Microsoft Corporation)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [74752 2006-11-02] (Microsoft Corporation)
0 disk; C:\Windows\System32\drivers\disk.sys [52840 2006-11-02] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2006-11-02] (Microsoft Corporation)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [617472 2006-11-02] (Microsoft Corporation)
3 E100B; C:\Windows\System32\DRIVERS\e100b325.sys [163328 2006-11-01] (Intel Corporation)
3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [117760 2006-11-01] (Intel Corporation)
0 Ecache; C:\Windows\System32\drivers\ecache.sys [132200 2006-11-02] (Microsoft Corporation)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
4 elxstor; C:\Windows\system32\drivers\elxstor.sys [316520 2006-11-02] (Emulex)
3 ERmvrDrv; \??\C:\Windows\system32\drivers\ERKRmvrDrv.sys [31424 2013-04-06] ()
3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [112128 2009-07-22] (Huawei Technologies Co., Ltd.)
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [142336 2006-11-02] (Microsoft Corporation)
3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2006-11-02] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [56424 2006-11-02] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [27648 2006-11-02] (Microsoft Corporation)
3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [20480 2006-11-02] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [183912 2006-11-02] (Microsoft Corporation)
1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [12800 2006-11-02] (Microsoft Corporation)
3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [58984 2006-11-02] (Microsoft Corporation)
3 GVCplDrv; C:\Windows\System32\Drivers\GVCplDrv.sys [23040 2004-05-02] ()
4 HDAudBus; C:\Windows\system32\drivers\hdaudbus.sys [53248 2006-11-01] (Microsoft Corporation)
4 HidBth; C:\Windows\system32\drivers\hidbth.sys [29184 2006-11-02] (Microsoft Corporation)
4 HidIr; C:\Windows\system32\drivers\hidir.sys [21504 2006-11-02] (Microsoft Corporation)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [12288 2006-11-02] (Microsoft Corporation)
4 HpCISSs; C:\Windows\system32\drivers\hpcisss.sys [37480 2006-11-02] (Hewlett-Packard Company)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [396800 2011-04-02] (Microsoft Corporation)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [102912 2009-07-22] (Huawei Technologies Co., Ltd.)
3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [100736 2009-07-22] (Huawei Technologies Co., Ltd.)
4 i2omp; C:\Windows\system32\drivers\i2omp.sys [27752 2006-11-02] (Microsoft Corporation)
1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [54784 2012-02-17] (Microsoft Corporation)
4 iaStorV; C:\Windows\system32\drivers\iastorv.sys [232040 2006-11-02] (Intel Corporation)
4 iirsp; C:\Windows\system32\drivers\iirsp.sys [41576 2006-11-02] (Intel Corp./ICP vortex GmbH)
4 InCDfs; C:\Windows\System32\Drivers\InCDfs.sys [102016 2006-01-16] (Nero AG)
1 InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [29440 2006-01-16] (Nero AG)
1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [8704 2006-01-15] (Nero AG)
1 incdrm; C:\Windows\System32\Drivers\incdrm.sys [32640 2006-01-17] (Nero AG)
0 intelide; C:\Windows\System32\drivers\intelide.sys [14952 2006-11-02] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [39424 2006-11-02] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [47104 2006-11-02] (Microsoft Corporation)
4 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [65536 2006-11-02] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\DRIVERS\ipnat.sys [99840 2006-11-02] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13312 2006-11-02] (Microsoft Corporation)
4 isapnp; C:\Windows\system32\drivers\isapnp.sys [47208 2006-11-02] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [168552 2006-11-02] (Microsoft Corporation)
4 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
4 K56; C:\Windows\System32\DRIVERS\k56nt.sys [429199 2001-10-15] (Conexant Systems)
1 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [35384 2012-02-17] (Microsoft Corporation)
1 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [15872 2012-02-17] (Microsoft Corporation)
3 KeyMaestro; \??\C:\Windows\System32\Drivers\Maestro0.sys [34016 2000-08-07] (Vireo Software)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [408136 2012-02-17] (Microsoft Corporation)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [47104 2006-11-02] (Microsoft Corporation)
4 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [65640 2006-11-02] (LSI Logic)
4 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [65640 2006-11-02] (LSI Logic)
4 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [65640 2006-11-02] (LSI Logic)
2 luafv; C:\Windows\system32\drivers\luafv.sys [83456 2006-11-02] (Microsoft Corporation)
3 massfilter; C:\Windows\System32\DRIVERS\massfilter.sys [9216 2010-04-18] (MBB Incorporated)
2 mdmxsdk; C:\Windows\System32\DRIVERS\mdmxsdk.sys [17744 2001-09-17] (Conexant)
4 megasas; C:\Windows\system32\drivers\megasas.sys [28776 2006-11-02] (LSI Logic Corporation)
3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2006-11-02] (Microsoft Corporation)
3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [18432 2006-11-02] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [41984 2006-11-02] (Microsoft Corporation)
1 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [34360 2012-02-17] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [15872 2012-02-17] (Microsoft Corporation)
0 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [54888 2006-11-02] (Microsoft Corporation)
4 mpio; C:\Windows\system32\drivers\mpio.sys [78952 2006-11-02] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [63488 2006-11-02] (Microsoft Corporation)
4 Mraid35x; C:\Windows\system32\drivers\mraid35x.sys [33384 2006-11-02] (LSI Logic Corporation)
3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [109568 2006-11-02] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [101888 2006-11-02] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [211456 2006-11-02] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [57856 2006-11-02] (Microsoft Corporation)
4 msahci; C:\Windows\system32\drivers\msahci.sys [23144 2006-11-02] (Microsoft Corporation)
4 msdsm; C:\Windows\system32\drivers\msdsm.sys [80488 2006-11-02] (Microsoft Corporation)
4 MSF32; \??\C:\Program Files\MySecretFolder\MSF32.SYS [43856 2009-03-24] (WinAbility® Software Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [22528 2006-11-02] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13928 2006-11-02] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8192 2006-11-02] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2006-11-02] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2006-11-02] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [160872 2006-11-02] (Microsoft Corporation)
3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [28776 2006-11-02] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6016 2006-11-02] (Microsoft Corporation)
0 Mup; C:\Windows\System32\Drivers\mup.sys [46696 2006-11-02] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [154112 2006-11-02] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [500840 2006-11-02] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20480 2006-11-02] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [16896 2006-11-02] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2006-11-02] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [48640 2006-11-02] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [35840 2006-11-02] (Microsoft Corporation)
1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [184320 2006-11-02] (Microsoft Corporation)
2 NetProbe; C:\Windows\System32\DRIVERS\netprobe.sys [5365 2009-03-23] ()
4 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [45160 2006-11-02] (IBM Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [34816 2006-11-02] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16384 2006-11-02] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1056360 2006-11-02] (Microsoft Corporation)
4 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-01] (N-trig Innovative Technologies)
1 Null; C:\Windows\System32\Drivers\Null.sys [4608 2006-11-02] (Microsoft Corporation)
3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [11573800 2010-04-03] (NVIDIA Corporation)
4 nvraid; C:\Windows\system32\drivers\nvraid.sys [88680 2006-11-02] (NVIDIA Corporation)
4 nvstor; C:\Windows\system32\drivers\nvstor.sys [40040 2006-11-02] (NVIDIA Corporation)
3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [106600 2006-11-02] (Microsoft Corporation)
4 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62080 2006-11-02] (Microsoft Corporation)
3 Parport; C:\Windows\System32\DRIVERS\parport.sys [79360 2006-11-02] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [49256 2006-11-02] (Microsoft Corporation)
2 Parvdm; C:\Windows\System32\DRIVERS\parvdm.sys [8704 2006-11-02] (Microsoft Corporation)
0 pci; C:\Windows\System32\drivers\pci.sys [140392 2006-11-02] (Microsoft Corporation)
4 pciide; C:\Windows\system32\drivers\pciide.sys [13416 2006-11-02] (Microsoft Corporation)
4 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [167528 2006-11-02] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [878080 2006-11-02] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [61440 2006-11-02] (Microsoft Corporation)
4 Processor; C:\Windows\system32\drivers\processr.sys [38400 2006-11-02] (Microsoft Corporation)
4 Profos; \??\C:\PROGRA~1\Softwin\BITDEF~1\profos.sys [13184 2006-06-20] ()
1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [70144 2006-11-02] (Microsoft Corporation)
3 PSSDK42; \??\C:\Windows\system32\Drivers\pssdk42.sys [38976 2009-10-09] (microOLAP Technologies LTD)
3 PSSDKLBF; \??\C:\Windows\system32\Drivers\pssdklbf.sys [53312 2009-10-09] (microOLAP Technologies LTD)
4 ql2300; C:\Windows\system32\drivers\ql2300.sys [900712 2006-11-02] (QLogic Corporation)
4 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [106088 2006-11-02] (QLogic Corporation)
3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31232 2006-11-02] (Microsoft Corporation)
1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2006-11-02] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [75776 2006-11-02] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2006-11-02] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [222208 2006-11-02] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6144 2006-11-02] (Microsoft Corporation)
4 rdpdr; C:\Windows\system32\drivers\rdpdr.sys [242688 2006-11-02] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6144 2006-11-02] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [160256 2006-11-02] (Microsoft Corporation)
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [22784 2008-04-15] (Research In Motion Limited)
3 Rksample; C:\Windows\System32\DRIVERS\rksample.sys [62134 2001-10-15] (Conexant Systems)
3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [8192 2006-11-02] (Microsoft Corporation)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60416 2006-11-02] (Microsoft Corporation)
3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [62976 2008-12-01] (Realtek Semiconductor Corp.)
3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [83208 2007-04-03] (MCCI Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [119016 2010-07-04] (tzuk)
4 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [76392 2006-11-02] (Microsoft Corporation)
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [20480 2006-11-01] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2006-11-02] (Microsoft Corporation)
1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2006-11-02] (Microsoft Corporation)
4 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2012-02-17] (Microsoft Corporation)
4 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [13312 2006-11-02] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12800 2006-11-02] (Microsoft Corporation)
3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2006-11-02] (Microsoft Corporation)
4 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13312 2006-11-02] (Microsoft Corporation)
3 sisagp; C:\Windows\system32\drivers\sisagp.sys [53352 2006-11-02] (Microsoft Corporation)
4 SiSRaid2; C:\Windows\system32\drivers\sisraid2.sys [38504 2006-11-02] (Silicon Integrated Systems Corp.)
4 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [71784 2006-11-02] (Silicon Integrated Systems)
1 Smb; C:\Windows\System32\DRIVERS\smb.sys [66048 2006-11-02] (Microsoft Corporation)
2 SoftFax; C:\Windows\System32\DRIVERS\faxnt.sys [215323 2001-10-15] (Conexant Systems)
2 SpeakerPhone; C:\Windows\System32\DRIVERS\spkpnt.sys [80097 2001-10-15] (Conexant Systems)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [18536 2006-11-02] (Microsoft Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [290304 2006-11-02] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [129536 2006-11-02] (Microsoft Corporation)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [85504 2006-11-02] (Microsoft Corporation)
3 STAC97; C:\Windows\System32\drivers\STAC97.sys [123984 2002-02-25] (SigmaTel, Inc.)
2 StreamDispatcher; C:\Windows\System32\DRIVERS\strmdisp.sys [33452 2001-10-18] (Conexant Systems)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12776 2006-11-02] (Microsoft Corporation)
4 Symc8xx; C:\Windows\system32\drivers\symc8xx.sys [35944 2006-11-02] (LSI Logic)
4 Sym_hi; C:\Windows\system32\drivers\sym_hi.sys [31848 2006-11-02] (LSI Logic)
4 Sym_u3; C:\Windows\system32\drivers\sym_u3.sys [34920 2006-11-02] (LSI Logic)
1 Tcpip; C:\Windows\System32\drivers\tcpip.sys [802816 2006-11-02] (Microsoft Corporation)
3 Tcpip6; C:\Windows\System32\DRIVERS\tcpip.sys [802816 2006-11-02] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [27648 2006-11-02] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2006-11-02] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [28672 2006-11-02] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [68096 2006-11-02] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [50792 2006-11-02] (Microsoft Corporation)
2 Tones; C:\Windows\System32\DRIVERS\tonesnt.sys [59663 2001-10-15] (Conexant Systems)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [23552 2006-11-02] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [23040 2006-11-02] (Microsoft Corporation)
3 uagp35; C:\Windows\system32\drivers\uagp35.sys [56936 2006-11-02] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [225280 2006-11-02] (Microsoft Corporation)
3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [58472 2006-11-02] (Microsoft Corporation)
4 uliahci; C:\Windows\system32\drivers\uliahci.sys [235112 2006-11-02] (ULi Electronics Inc.)
4 UlSata; C:\Windows\system32\drivers\ulsata.sys [98408 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\system32\drivers\ulsata2.sys [115816 2006-11-02] (Promise Technology, Inc.)
3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [34816 2006-11-02] (Microsoft Corporation)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2006-11-02] (Microsoft Corporation)
4 usbcir; C:\Windows\system32\drivers\usbcir.sys [68608 2006-11-02] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [38400 2006-11-02] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [191488 2006-11-02] (Microsoft Corporation)
4 usbohci; C:\Windows\system32\drivers\usbohci.sys [19456 2006-11-02] (Microsoft Corporation)
4 usbprint; C:\Windows\system32\drivers\usbprint.sys [18944 2006-11-02] (Microsoft Corporation)
3 usbser; C:\Windows\System32\DRIVERS\usbser.sys [28160 2006-11-02] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [54784 2006-11-02] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [22528 2006-11-02] (Microsoft Corporation)
3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [132352 2006-11-02] (Microsoft Corporation)
2 V124; C:\Windows\System32\DRIVERS\v124nt.sys [542477 2001-10-15] (Conexant Systems)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2006-11-02] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2006-11-02] (Microsoft Corporation)
3 viaagp; C:\Windows\system32\drivers\viaagp.sys [54376 2006-11-02] (Microsoft Corporation)
4 ViaC7; C:\Windows\system32\drivers\viac7.sys [39424 2006-11-02] (Microsoft Corporation)
4 viaide; C:\Windows\system32\drivers\viaide.sys [17512 2006-11-02] (VIA Technologies, Inc.)
0 volmgr; C:\Windows\System32\drivers\volmgr.sys [50280 2006-11-02] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [290408 2006-11-02] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\drivers\volsnap.sys [208488 2006-11-02] (Microsoft Corporation)
4 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [112232 2006-11-02] (VIA Technologies Inc.,Ltd)
3 VSTHWBS2; C:\Windows\System32\DRIVERS\VSTBS23.SYS [251904 2006-11-01] (Conexant Systems, Inc.)
3 VST_DPV; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [987648 2006-11-01] (Conexant Systems, Inc.)
4 WacomPen; C:\Windows\system32\drivers\wacompen.sys [20608 2006-11-02] (Microsoft Corporation)
3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [61952 2006-11-02] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [61952 2006-11-02] (Microsoft Corporation)
4 Wd; C:\Windows\system32\drivers\wd.sys [19560 2006-11-02] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [495160 2012-02-17] (Microsoft Corporation)
4 winachsf; C:\Windows\System32\DRIVERS\HSF_CNXT.sys [589104 2001-10-18] (Conexant Systems)
4 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2006-11-02] (Microsoft Corporation)
1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [15872 2006-11-02] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [82560 2006-11-02] (Microsoft Corporation)
3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [105856 2010-04-18] (ZTE Incorporated)
3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [114688 2010-03-24] (ZTE Corporation)
3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [105856 2010-04-18] (ZTE Incorporated)
3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [105856 2010-04-18] (ZTE Incorporated)
3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-04-18] (ZTE Incorporated)
2 Aspi32; [x]
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [x]
3 HSFHWBS2; C:\Windows\System32\DRIVERS\HSFHWBS2.sys [x]
3 HSF_DP; C:\Windows\System32\DRIVERS\HSF_DP.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MFE_RR; \??\C:\Users\admin\AppData\Local\Temp\mfe_rr.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
0 SR; [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\ac97intc.sys 4B56CAAFED0B0B996341D74CE0E76565
C:\Windows\System32\drivers\acpi.sys 192BDBD1540645C4A2AA69F24CCE197F
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu160m.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 90395B64600EBB4552E26E178C94B2E4
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys 0577DF1D323FE75A739C787893D300EA
C:\Windows\system32\drivers\amdk7.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AnyDVD.sys 40C279A23BD43553BFBA6E88A9B38AE2
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\DRIVERS\avgarkt.sys E8054A423E5D2BDAE6062BAB6DA159C4
C:\Windows\System32\DRIVERS\AvgArCln.sys EC08D1625F5C6CF2A57B79EB35186F8C
C:\Windows\System32\DRIVERS\basic2.sys EFA75A980A81B89328D7556DBB593C82
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys 45201046C776FFDAF3FC8A0029C581C8
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Program Files\SystemRequirementsLab\cpudrv.sys D01F685F8B4598D144B0CCE9FF95D8D5
C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\crusoe.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys F032A2F91287A0B800891C7BEF9CA7A8
C:\Windows\System32\DRIVERS\e100b325.sys C0B00E55CF82D122D25983C7A6A53DEA
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\System32\drivers\ecache.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDIO.sys D71233D7CCC2E64F8715A20428D5A33B
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\ERKRmvrDrv.sys B504C8B1C25C543539077D2082770F3D
C:\Windows\System32\DRIVERS\ewusbnet.sys 82E7EB9F12321052CD9A904B13724EE2
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 1ED8599E1E08BA40F2B7301F0B83583A
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\GVCplDrv.sys F22BF7F345DF95C09942951246AAA28D
C:\Windows\system32\drivers\hdaudbus.sys 5FD053F305B77EBE97F284B20D89DC1C
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\hpcisss.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbmdm.sys 348C3A9D01E68A0222A246346924AA55
C:\Windows\System32\DRIVERS\ewusbfake.sys 460B1945C3E6B0419A76E1B507B90B71
C:\Windows\system32\drivers\i2omp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iastorv.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\InCDfs.sys 744D80C319BE9EB75CD32E135096824D
C:\Windows\System32\DRIVERS\InCDPass.sys 6F4928E570CE70DD6160B15D0CE83B3F
C:\Windows\System32\Drivers\InCDrec.sys 6A89459E81156D67067FF2B83F9C8D7F
C:\Windows\System32\Drivers\incdrm.sys D9225F114625E1E856A0F676451491AB
C:\Windows\System32\drivers\intelide.sys 97469037714070E45194ED318D636401
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k56nt.sys 78847E99EB1721EF1BAE61FF82B448B8
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Maestro0.sys DEBA65F60FCC5B092907D14815E4F4D7
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\massfilter.sys 0B058116D3D4ECCA7DED38F16E0581B2
C:\Windows\System32\DRIVERS\mdmxsdk.sys 98D8A239489211B2F230267485C5C127
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\drivers\MODEMCSA.sys 7E222A1BAAA42C8559DB2CE8A12AD828
C:\Windows\System32\DRIVERS\monitor.sys EC839BA91E45CCE6EADAFC418FFF8206
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 8D326E8B321685D4784AFA1C55169D73
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 93224014A418B72356462B8F7DE6E8C9
C:\Windows\System32\DRIVERS\mrxsmb.sys FCA7563D87F71C6DB0182CA67CC19AA7
C:\Windows\System32\DRIVERS\mrxsmb10.sys 58A9AB5754FA4CABEDE7401283B5A771
C:\Windows\System32\DRIVERS\mrxsmb20.sys 79B09504E4A790104683722CD04F76B4
C:\Windows\system32\drivers\msahci.sys 742AED7939E734C36B7E8D6228CE26B7
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Program Files\MySecretFolder\MSF32.SYS 623323D2C3BCEE53A3286202FB40323E
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys 497DE786240303EE67AB01F5690C24C2
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys 7584F1794B23B83D63CC124A8C56D103
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys 874C12E3AD1431CABC854697D302C563
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netprobe.sys 44831972666E9989B375C05F010944B2
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 3F379380A4A2637F559444E338CF1B51
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys C8CB6135884CBC2A10225C4C3CEF0F95
C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 1085D75657807E0E8B32F9E19A1647C3
C:\Windows\system32\drivers\pciide.sys 3B1901E401473E03EB8C874271E50C26
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys 6C359AC71D7B550A0D41F9DB4563CE05
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\PROGRA~1\Softwin\BITDEF~1\profos.sys 0979354E88070D8E4DFA1739F9413E1D
C:\Windows\System32\DRIVERS\pacer.sys B74EDF14453C9987E99E66535047EBEE
C:\Windows\system32\Drivers\pssdk42.sys C8EB36910D3BD582891977E80925E21E
C:\Windows\system32\Drivers\pssdklbf.sys 0BEC7B42F4093400509821C63F13F1D5
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RimUsb.sys F17713D108ACA124A139FDE877EEF68A
C:\Windows\System32\DRIVERS\rksample.sys 15A44A071CB9F347A7DD1AA472C8A747
C:\Windows\System32\Drivers\RootMdm.sys D49D61312B273DE069584D48C81C8B1D
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTSTOR.SYS 9B09F336DE36A7A6CA871DE8A7847B65
C:\Windows\System32\DRIVERS\s616bus.sys EF4B5A8D53F15CB269469DD4E4BB0109
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS A3281AEC37E0720A2BC28034C2DF2A56
C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 61DB0D0756A99506207FD724E3692B25
C:\Program Files\Sandboxie\SbieDrv.sys 2CDAB8553E703C7754BE9CE1C4454EB5
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\faxnt.sys CE8B15455B56A25863211FDDD7B892D6
C:\Windows\System32\DRIVERS\spkpnt.sys 9E9123D5ACA23EB35B7085D9205D5BEE
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 2C677528B24D64D22886ECBE5CD97F20
C:\Windows\System32\DRIVERS\srv2.sys 382BAF4DCBD7648CED6C64A8A1E335B2
C:\Windows\System32\DRIVERS\srvnet.sys F8E47A77E1690D8574962B69CB22BEB3
C:\Windows\System32\drivers\STAC97.sys 298A8B2FD4DEE6058FE787364B1CE3EA
C:\Windows\System32\DRIVERS\strmdisp.sys B1CE3325D36A53E168B53513CF278D3F
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys D944522B048A5FEB7700B5170D3D9423
C:\Windows\System32\DRIVERS\tcpip.sys D944522B048A5FEB7700B5170D3D9423
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tonesnt.sys 0031545CEF1E62BC581ADDFC2871B26A
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys 52DAA1FA3B5A40D6A6627B44C60A9B78
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser.sys C0488CC01A1C686B08A3D360C7F50324
C:\Windows\System32\DRIVERS\USBSTOR.SYS FDBAABF07244C60B0F4E0A6E71A107C6
C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 0A6B81F01BC86399482E27E6FDA7B33B
C:\Windows\System32\DRIVERS\v124nt.sys F292A8F2AB6B2F4A133005FF2D19C549
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 11EF6C1CAEF76B685233450A126125D6
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTBS23.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTDPV3.SYS ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 6E1A5BE9A0605F3D932FF35FBA2B22B3
C:\Windows\System32\DRIVERS\wanarp.sys 6E1A5BE9A0605F3D932FF35FBA2B22B3
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HSF_CNXT.sys 54320C4539261AC2ACD2C7BEA1A347CC
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys 2A6F72D2B6A549B1FC6A6522BC204159
C:\Windows\System32\DRIVERS\ZTEusbnet.sys 453A60F8DC22FC296BC482CBF3EFF213
C:\Windows\System32\DRIVERS\ZTEusbnmea.sys 2A6F72D2B6A549B1FC6A6522BC204159
C:\Windows\System32\DRIVERS\ZTEusbser6k.sys 2A6F72D2B6A549B1FC6A6522BC204159
C:\Windows\System32\DRIVERS\ZTEusbvoice.sys 2A6F72D2B6A549B1FC6A6522BC204159

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-07 23:32 - 2013-04-07 23:32 - 00000000 ___HD C:\Windows\PIF
2013-04-07 03:42 - 2013-04-07 03:42 - 00000000 ____D C:\Program Files\Speccy
2013-04-06 20:37 - 2013-04-06 20:37 - 00000000 ____D C:\Program Files\ESET
2013-04-06 19:44 - 2013-04-06 19:44 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-04-06 19:44 - 2013-04-06 19:44 - 00132256 ____A (trend_company_name) C:\Windows\System32\Drivers\tmrkb.sys
2013-04-06 19:37 - 2013-04-06 19:37 - 00000313 ____A C:\AdwCleaner[S2].txt
2013-04-06 19:35 - 2013-04-06 19:36 - 00001402 ____A C:\AdwCleaner[R3].txt
2013-04-06 19:19 - 2013-04-06 19:20 - 00003343 ____A C:\Users\admin\Desktop\aswMBR.txt
2013-04-06 19:19 - 2013-04-06 19:20 - 00000512 ____A C:\Users\admin\Documents\MBR.dat
2013-04-06 05:04 - 2013-04-06 05:07 - 00014932 ____A C:\Users\admin\Desktop\Show-Hidden.txt
2013-04-06 05:02 - 2013-04-06 05:02 - 00000504 ____A C:\RootRepeal report 04-07-13 (01-02-27).txt
2013-04-06 04:55 - 2013-04-06 04:55 - 00001275 ____A C:\Users\admin\Desktop\RKreport[2]_S_04072013_02d0055.txt
2013-04-06 03:39 - 2013-04-07 23:33 - 00002706 ____A C:\Users\admin\Desktop\Rkill.txt
2013-04-06 03:23 - 2013-04-06 03:23 - 00001245 ____A C:\Users\admin\Desktop\RKreport[1]_S_04062013_02d2323.txt
2013-04-06 03:22 - 2013-04-08 06:28 - 00000000 ____D C:\Users\admin\Desktop\RK_Quarantine
2013-04-06 02:48 - 2013-04-06 02:48 - 00002980 ____A C:\Users\admin\Desktop\usb.txt
2013-04-05 20:55 - 2013-04-05 21:25 - 00000000 ____D C:\ComboFix
2013-04-05 20:21 - 2013-04-05 20:22 - 05047274 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2013-04-05 04:34 - 2013-04-05 04:34 - 00153880 ____A C:\Windows\Minidump\Mini040613-01.dmp
2013-04-05 03:15 - 2013-03-02 21:54 - 00816640 ____A C:\Users\admin\Desktop\RogueKiller.exe
2013-04-05 03:12 - 2012-02-09 16:38 - 00734992 ____A (Greatis Software LLC.) C:\TDLdetect.exe
2013-04-05 03:06 - 2013-04-05 03:06 - 00012125 ____A C:\Users\admin\Documents\IDT.log
2013-04-05 03:06 - 2013-04-05 03:06 - 00003386 ____A C:\Users\admin\Documents\GDT.log
2013-04-05 03:03 - 2013-04-05 03:03 - 00033452 ____A (Conexant Systems) C:\Users\admin\Documents\testestses
2013-04-04 01:50 - 2013-04-08 06:28 - 00000942 ____A C:\Users\admin\Desktop\BlueScreenView.cfg
2013-04-03 03:57 - 2013-04-03 03:57 - 00153880 ____A C:\Windows\Minidump\Mini040313-04.dmp
2013-04-03 03:50 - 2013-04-03 03:51 - 00153880 ____A C:\Windows\Minidump\Mini040313-03.dmp
2013-04-03 03:49 - 2013-04-03 03:49 - 00000000 ____D C:\Program Files\Softwin
2013-04-03 03:44 - 2013-04-06 19:15 - 00031424 ____A C:\Windows\System32\Drivers\ERKRmvrDrv.sys
2013-04-03 02:48 - 2013-04-03 02:48 - 00000928 ____A C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
2013-04-03 02:48 - 2013-04-03 02:48 - 00000000 ____D C:\Program Files\GRISOFT
2013-04-03 02:48 - 2007-01-18 04:00 - 00003968 ____A (GRISOFT, s.r.o.) C:\Windows\System32\Drivers\AvgArCln.sys
2013-04-02 21:05 - 2013-04-02 21:05 - 00000295 ____A C:\Windows\mbr.log
2013-04-02 20:42 - 2013-04-02 20:42 - 00133392 ____A C:\Windows\Minidump\Mini040313-02.dmp
2013-04-02 20:22 - 2013-04-02 20:22 - 00000892 ____A C:\avenger.txt
2013-04-02 19:21 - 2013-03-17 06:26 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\admin\Desktop\unhide.exe
2013-04-02 18:49 - 2013-04-02 22:14 - 00000000 ____D C:\Avenger
2013-04-02 18:43 - 2013-04-02 18:43 - 00000674 ____A C:\Users\admin\Desktop\ERUNT.lnk
2013-04-02 18:43 - 2013-04-02 18:43 - 00000000 ____D C:\Program Files\ERUNT
2013-04-02 06:29 - 2013-04-02 06:29 - 00162104 ____A C:\Windows\Minidump\Mini040313-01.dmp
2013-04-02 05:35 - 2013-04-02 05:35 - 00006310 ____A C:\Users\admin\Documents\ice1.log
2013-04-02 04:00 - 2013-04-02 04:00 - 00000000 ____D C:\ProgramData\Sophos
2013-04-02 03:59 - 2013-04-05 03:02 - 00002597 ____A C:\Users\admin\Desktop\Sophos Virus Removal Tool.lnk
2013-04-02 03:59 - 2013-04-02 03:59 - 00000000 ____D C:\Program Files\Sophos
2013-04-01 20:08 - 2009-06-15 12:18 - 00020480 ____A C:\Users\admin\Documents\tracking.log
2013-04-01 19:39 - 2013-04-08 02:40 - 00000000 ____D C:\ProgramData\RegRun
2013-04-01 19:21 - 2013-04-01 19:22 - 00744339 ____A C:\Users\admin\Desktop\PAVARK.exe
2013-04-01 07:10 - 2013-04-01 07:10 - 00016090 ____A C:\Users\admin\Documents\VirusRemover.log
2013-04-01 06:05 - 2013-04-04 02:47 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-04-01 06:02 - 2013-04-01 06:02 - 00000207 ____A C:\Windows\tweaking.com-regbackup-ADMIN-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-04-01 06:00 - 2013-04-01 06:00 - 00000000 ____D C:\RegBackup
2013-04-01 05:48 - 2013-04-01 05:48 - 00602112 ____A (OldTimer Tools) C:\Users\admin\Desktop\OTL.exe
2013-03-31 05:07 - 2013-03-31 05:07 - 00000819 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-03-31 04:40 - 2013-03-02 23:17 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\admin\Desktop\tdsskiller.exe
2013-03-31 04:32 - 2013-03-31 04:33 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill.exe
2013-03-31 04:28 - 2013-03-21 22:02 - 00386464 ____A (Bleeping Computer, LLC) C:\Users\admin\Desktop\show-hidden.exe
2013-03-31 01:04 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-03-31 01:04 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-03-31 01:04 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-03-31 01:04 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-03-31 01:04 - 2000-08-30 16:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-03-31 01:04 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-03-31 01:04 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-03-31 01:04 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-03-30 21:49 - 2013-03-30 21:49 - 00000000 ____A C:\Users\admin\results.html
2013-03-30 21:45 - 2013-03-30 21:45 - 00000000 ____A C:\Users\admin\result.html
2013-03-30 21:21 - 2013-03-30 21:21 - 00000000 ____D C:\Program Files\Webroot
2013-03-30 07:47 - 2013-04-01 15:25 - 00082520 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-03-30 07:45 - 2013-04-08 17:07 - 00002647 ____A C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
2013-03-30 07:45 - 2013-03-30 07:45 - 00001986 ____A C:\Users\Public\Desktop\Vodafone SMS.lnk
2013-03-30 07:45 - 2013-03-30 07:45 - 00000000 ____D C:\ProgramData\Vodafone
2013-03-30 02:48 - 2013-03-30 02:48 - 00011638 ____A C:\MbrFix.htm
2013-03-30 00:54 - 2013-03-30 00:54 - 00003878 ____A C:\Users\admin\Documents\2start.txt
2013-03-28 06:18 - 2013-03-28 06:18 - 00000295 ____A C:\mbr.log
2013-03-27 00:26 - 2013-03-27 00:26 - 00000000 ____D C:\Program Files\Vodafone
2013-03-26 04:56 - 2013-04-06 07:25 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2013-03-26 04:40 - 2013-03-26 04:40 - 00153928 ____A C:\Windows\Minidump\Mini032713-01.dmp
2013-03-26 00:50 - 2013-03-26 00:50 - 00000000 ____D C:\FRST
2013-03-24 06:57 - 2013-03-31 04:49 - 00000295 ____A C:\Windows\System32\mbr.log
2013-03-22 00:47 - 2013-03-25 06:56 - 00000000 ____D C:\Users\admin\AppData\Local\temp(16)
2013-03-21 22:03 - 2013-03-21 22:08 - 00014918 ____A C:\Users\admin\Documents\Show-Hidden.txt
2013-03-21 21:35 - 2013-03-21 21:35 - 00039956 ____A C:\Users\admin\Documents\HitmanPro_20130322_1735.log
2013-03-21 21:21 - 2013-03-21 21:36 - 00000000 ____D C:\ProgramData\HitmanPro
2013-03-21 20:59 - 2013-03-21 20:59 - 00001342 ____A C:\AdwCleaner[R2].txt
2013-03-21 20:39 - 2013-03-21 20:39 - 00000313 ____A C:\AdwCleaner[S1].txt
2013-03-21 20:38 - 2013-03-21 20:39 - 00001223 ____A C:\AdwCleaner[R1].txt
2013-03-19 20:51 - 2013-03-19 20:51 - 00153928 ____A C:\Windows\Minidump\Mini032013-01.dmp
2013-03-19 20:33 - 2013-03-19 20:33 - 00015384 ____A C:\Users\admin\Documents\drivers cmd.txt
2013-03-19 18:26 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\nircmd.exe
2013-03-19 04:47 - 2013-03-19 04:48 - 00004484 ____A C:\Users\admin\Documents\startup.txt
2013-03-19 00:48 - 2013-03-30 07:19 - 00000750 ____A C:\Windows\setupact.log
2013-03-19 00:48 - 2013-03-30 07:19 - 00000274 ____A C:\Windows\setuperr.log
2013-03-18 22:58 - 2013-03-18 22:58 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-03-18 19:21 - 2013-03-18 19:21 - 00000960 ____A C:\Users\Public\Desktop\xplorer2.lnk
2013-03-18 19:21 - 2013-03-18 19:21 - 00000000 ____D C:\Program Files\zabkat
2013-03-17 07:35 - 2013-03-17 07:35 - 00153880 ____A C:\Windows\Minidump\Mini031813-01.dmp
2013-03-17 03:39 - 2013-03-30 05:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\Runscanner.net
2013-03-17 02:44 - 2013-04-07 16:03 - 00018417 ____A C:\Users\admin\Desktop\TESTS.txt
2013-03-16 21:21 - 2013-03-16 21:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-03-16 21:21 - 2013-03-16 21:21 - 00001760 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-03-16 21:21 - 2013-03-16 21:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com
2013-03-12 21:02 - 2013-03-12 21:11 - 00000000 ____D C:\Users\admin\Documents\RK_Quarantine
2013-03-12 20:15 - 2013-03-08 06:35 - 00422512 ___RA C:\Windows\System32\Drivers\etc\hosts.20130313-161538.backup
2013-03-12 19:59 - 2013-03-31 04:43 - 00000000 ____D C:\TDSSKiller_Quarantine


==================== One Month Modified Files and Folders ========

2013-04-09 16:28 - 2009-06-15 17:41 - 00000000 ___RD C:\Users\admin\Desktop\Extraz
2013-04-09 16:11 - 2013-04-09 16:07 - 00002219 ____A C:\Users\admin\Desktop\TESTS1.txt
2013-04-08 19:52 - 2006-11-02 05:01 - 00032570 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-08 19:52 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-08 19:20 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\tracing
2013-04-08 19:06 - 2006-11-02 04:47 - 00003552 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-08 19:06 - 2006-11-02 04:47 - 00003552 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-08 17:07 - 2013-03-30 07:45 - 00002647 ____A C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
2013-04-08 06:28 - 2013-04-06 03:22 - 00000000 ____D C:\Users\admin\Desktop\RK_Quarantine
2013-04-08 06:28 - 2013-04-04 01:50 - 00000942 ____A C:\Users\admin\Desktop\BlueScreenView.cfg
2013-04-08 06:20 - 2011-12-30 03:39 - 00007786 ____A C:\Users\admin\Desktop\js.txt
2013-04-08 03:26 - 2006-11-02 02:33 - 01591034 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-08 03:15 - 2012-03-17 01:09 - 00034901 ____A C:\ProgramData\nvModes.dat
2013-04-08 03:15 - 2012-03-17 01:09 - 00034901 ____A C:\ProgramData\nvModes.001
2013-04-08 02:46 - 2012-05-23 00:56 - 00459549 ____A C:\Windows\WindowsUpdate.log
2013-04-08 02:40 - 2013-04-01 19:39 - 00000000 ____D C:\ProgramData\RegRun
2013-04-07 23:33 - 2013-04-06 03:39 - 00002706 ____A C:\Users\admin\Desktop\Rkill.txt
2013-04-07 23:32 - 2013-04-07 23:32 - 00000000 ___HD C:\Windows\PIF
2013-04-07 16:03 - 2013-03-17 02:44 - 00018417 ____A C:\Users\admin\Desktop\TESTS.txt
2013-04-07 06:22 - 2013-02-26 05:23 - 00014492 ____A C:\Windows\PFRO.log
2013-04-07 03:42 - 2013-04-07 03:42 - 00000000 ____D C:\Program Files\Speccy
2013-04-07 03:39 - 2009-07-22 05:13 - 00000000 ____D C:\Program Files\Cain
2013-04-07 03:38 - 2011-12-18 03:50 - 00000000 ____D C:\Program Files\CACE Technologies
2013-04-06 20:37 - 2013-04-06 20:37 - 00000000 ____D C:\Program Files\ESET
2013-04-06 19:44 - 2013-04-06 19:44 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-04-06 19:44 - 2013-04-06 19:44 - 00132256 ____A (trend_company_name) C:\Windows\System32\Drivers\tmrkb.sys
2013-04-06 19:37 - 2013-04-06 19:37 - 00000313 ____A C:\AdwCleaner[S2].txt
2013-04-06 19:36 - 2013-04-06 19:35 - 00001402 ____A C:\AdwCleaner[R3].txt
2013-04-06 19:20 - 2013-04-06 19:19 - 00003343 ____A C:\Users\admin\Desktop\aswMBR.txt
2013-04-06 19:20 - 2013-04-06 19:19 - 00000512 ____A C:\Users\admin\Documents\MBR.dat
2013-04-06 19:15 - 2013-04-03 03:44 - 00031424 ____A C:\Windows\System32\Drivers\ERKRmvrDrv.sys
2013-04-06 07:25 - 2013-03-26 04:56 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2013-04-06 05:43 - 2009-09-16 04:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\dvdcss
2013-04-06 05:19 - 2010-10-15 02:56 - 00000000 ____D C:\Program Files\USBScan
2013-04-06 05:07 - 2013-04-06 05:04 - 00014932 ____A C:\Users\admin\Desktop\Show-Hidden.txt
2013-04-06 05:02 - 2013-04-06 05:02 - 00000504 ____A C:\RootRepeal report 04-07-13 (01-02-27).txt
2013-04-06 05:01 - 2009-06-14 17:31 - 00000000 ____D C:\users\admin
2013-04-06 04:55 - 2013-04-06 04:55 - 00001275 ____A C:\Users\admin\Desktop\RKreport[2]_S_04072013_02d0055.txt
2013-04-06 03:23 - 2013-04-06 03:23 - 00001245 ____A C:\Users\admin\Desktop\RKreport[1]_S_04062013_02d2323.txt
2013-04-06 02:48 - 2013-04-06 02:48 - 00002980 ____A C:\Users\admin\Desktop\usb.txt
2013-04-05 21:25 - 2013-04-05 20:55 - 00000000 ____D C:\ComboFix
2013-04-05 21:18 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2013-04-05 21:15 - 2006-11-02 02:22 - 36438016 ____A C:\Windows\System32\config\software.bak
2013-04-05 21:15 - 2006-11-02 02:22 - 35127296 ____A C:\Windows\System32\config\system.bak
2013-04-05 21:15 - 2006-11-02 02:22 - 09453568 ____A C:\Windows\System32\config\COMPON~3.bak
2013-04-05 21:15 - 2006-11-02 02:22 - 04718592 ____A C:\Windows\System32\config\default.bak
2013-04-05 21:15 - 2006-11-02 02:22 - 00057344 ____A C:\Windows\System32\config\sam.bak
2013-04-05 21:15 - 2006-11-02 02:22 - 00032768 ____A C:\Windows\System32\config\security.bak
2013-04-05 21:14 - 2011-04-02 06:44 - 00000000 ____D C:\Windows\ERDNT
2013-04-05 20:22 - 2013-04-05 20:21 - 05047274 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2013-04-05 04:34 - 2013-04-05 04:34 - 00153880 ____A C:\Windows\Minidump\Mini040613-01.dmp
2013-04-05 04:34 - 2009-06-14 21:46 - 00000000 ____D C:\Windows\Minidump
2013-04-05 04:33 - 2013-02-26 05:23 - 165885774 ____A C:\Windows\MEMORY.DMP
2013-04-05 03:06 - 2013-04-05 03:06 - 00012125 ____A C:\Users\admin\Documents\IDT.log
2013-04-05 03:06 - 2013-04-05 03:06 - 00003386 ____A C:\Users\admin\Documents\GDT.log
2013-04-05 03:03 - 2013-04-05 03:03 - 00033452 ____A (Conexant Systems) C:\Users\admin\Documents\testestses
2013-04-05 03:02 - 2013-04-02 03:59 - 00002597 ____A C:\Users\admin\Desktop\Sophos Virus Removal Tool.lnk
2013-04-04 03:01 - 2009-11-02 21:37 - 00000000 ____D C:\ProgramData\eMule
2013-04-04 03:01 - 2009-11-02 21:36 - 00000000 ____D C:\Users\admin\AppData\Local\eMule
2013-04-04 03:00 - 2009-06-14 19:13 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2013-04-04 03:00 - 2009-06-14 19:10 - 00000000 ____D C:\Program Files\CyberLink
2013-04-04 02:47 - 2013-04-01 06:05 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-04-04 02:31 - 2009-10-28 13:55 - 00000116 ____A C:\Windows\NeroDigital.ini
2013-04-03 03:57 - 2013-04-03 03:57 - 00153880 ____A C:\Windows\Minidump\Mini040313-04.dmp
2013-04-03 03:51 - 2013-04-03 03:50 - 00153880 ____A C:\Windows\Minidump\Mini040313-03.dmp
2013-04-03 03:49 - 2013-04-03 03:49 - 00000000 ____D C:\Program Files\Softwin
2013-04-03 02:48 - 2013-04-03 02:48 - 00000928 ____A C:\Users\Public\Desktop\AVG Anti-Rootkit Free.lnk
2013-04-03 02:48 - 2013-04-03 02:48 - 00000000 ____D C:\Program Files\GRISOFT
2013-04-02 22:14 - 2013-04-02 18:49 - 00000000 ____D C:\Avenger
2013-04-02 21:05 - 2013-04-02 21:05 - 00000295 ____A C:\Windows\mbr.log
2013-04-02 20:42 - 2013-04-02 20:42 - 00133392 ____A C:\Windows\Minidump\Mini040313-02.dmp
2013-04-02 20:22 - 2013-04-02 20:22 - 00000892 ____A C:\avenger.txt
2013-04-02 18:43 - 2013-04-02 18:43 - 00000674 ____A C:\Users\admin\Desktop\ERUNT.lnk
2013-04-02 18:43 - 2013-04-02 18:43 - 00000000 ____D C:\Program Files\ERUNT
2013-04-02 18:41 - 2010-12-04 05:09 - 00000000 ____D C:\Users\admin\Documents\Installers3
2013-04-02 18:24 - 2010-01-06 21:20 - 00000000 ____D C:\Program Files\Avant Browser
2013-04-02 18:21 - 2012-11-26 01:10 - 00000000 ____D C:\Program Files\ProjectX
2013-04-02 06:29 - 2013-04-02 06:29 - 00162104 ____A C:\Windows\Minidump\Mini040313-01.dmp
2013-04-02 05:35 - 2013-04-02 05:35 - 00006310 ____A C:\Users\admin\Documents\ice1.log
2013-04-02 04:00 - 2013-04-02 04:00 - 00000000 ____D C:\ProgramData\Sophos
2013-04-02 03:59 - 2013-04-02 03:59 - 00000000 ____D C:\Program Files\Sophos
2013-04-01 20:58 - 2006-11-02 04:47 - 00340040 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-01 20:57 - 2010-02-09 03:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-04-01 19:22 - 2013-04-01 19:21 - 00744339 ____A C:\Users\admin\Desktop\PAVARK.exe
2013-04-01 15:25 - 2013-03-30 07:47 - 00082520 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2013-04-01 07:10 - 2013-04-01 07:10 - 00016090 ____A C:\Users\admin\Documents\VirusRemover.log
2013-04-01 06:02 - 2013-04-01 06:02 - 00000207 ____A C:\Windows\tweaking.com-regbackup-ADMIN-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2013-04-01 06:00 - 2013-04-01 06:00 - 00000000 ____D C:\RegBackup
2013-04-01 05:59 - 2011-10-23 17:35 - 00000000 ____D C:\Users\admin\Desktop\Tweaking.com - Windows Repair
2013-04-01 05:48 - 2013-04-01 05:48 - 00602112 ____A (OldTimer Tools) C:\Users\admin\Desktop\OTL.exe
2013-03-31 05:07 - 2013-03-31 05:07 - 00000819 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-03-31 04:49 - 2013-03-24 06:57 - 00000295 ____A C:\Windows\System32\mbr.log
2013-03-31 04:43 - 2013-03-12 19:59 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-31 04:33 - 2013-03-31 04:32 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\admin\Desktop\rkill.exe
2013-03-31 01:04 - 2011-04-02 06:43 - 00000000 ____D C:\Qoobox
2013-03-30 21:49 - 2013-03-30 21:49 - 00000000 ____A C:\Users\admin\results.html
2013-03-30 21:45 - 2013-03-30 21:45 - 00000000 ____A C:\Users\admin\result.html
2013-03-30 21:21 - 2013-03-30 21:21 - 00000000 ____D C:\Program Files\Webroot
2013-03-30 07:45 - 2013-03-30 07:45 - 00001986 ____A C:\Users\Public\Desktop\Vodafone SMS.lnk
2013-03-30 07:45 - 2013-03-30 07:45 - 00000000 ____D C:\ProgramData\Vodafone
2013-03-30 07:19 - 2013-03-19 00:48 - 00000750 ____A C:\Windows\setupact.log
2013-03-30 07:19 - 2013-03-19 00:48 - 00000274 ____A C:\Windows\setuperr.log
2013-03-30 07:19 - 2009-06-20 04:02 - 00044855 ____A C:\Windows\diagerr.xml
2013-03-30 07:19 - 2009-06-20 04:02 - 00002188 ____A C:\Windows\diagwrn.xml
2013-03-30 07:04 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\registration
2013-03-30 05:35 - 2009-06-15 19:29 - 00000000 ____D C:\Downloaders
2013-03-30 05:29 - 2006-11-02 02:22 - 36175872 ____A C:\Windows\System32\config\software_previous
2013-03-30 05:29 - 2006-11-02 02:22 - 35127296 ____A C:\Windows\System32\config\system_previous
2013-03-30 05:29 - 2006-11-02 02:22 - 09453568 ____A C:\Windows\System32\config\components_previous
2013-03-30 05:29 - 2006-11-02 02:22 - 04718592 ____A C:\Windows\System32\config\default_previous
2013-03-30 05:29 - 2006-11-02 02:22 - 00057344 ____A C:\Windows\System32\config\sam_previous
2013-03-30 05:29 - 2006-11-02 02:22 - 00032768 ____A C:\Windows\System32\config\security_previous
2013-03-30 05:28 - 2013-03-17 03:39 - 00000000 ____D C:\Users\admin\AppData\Roaming\Runscanner.net
2013-03-30 05:28 - 2013-03-06 03:41 - 00000000 ____D C:\Users\admin\AppData\Roaming\K-Meleon
2013-03-30 05:28 - 2010-11-16 08:18 - 00000000 ____D C:\Program Files\Common Files\Java
2013-03-30 05:28 - 2010-08-09 11:01 - 00000000 ____D C:\Users\admin\AppData\Local\Basketball (2)
2013-03-30 05:28 - 2010-08-09 11:00 - 00000000 ____D C:\Users\admin\AppData\Local\Google Translator (2)
2013-03-30 05:28 - 2010-04-18 18:22 - 00000000 ____D C:\ProgramData\NVIDIA
2013-03-30 05:28 - 2010-03-08 03:44 - 00000000 ____D C:\Users\admin\AppData\Local\Google Translator
2013-03-30 05:28 - 2010-03-08 03:44 - 00000000 ____D C:\Users\admin\AppData\Local\Daily Crossword
2013-03-30 05:28 - 2010-03-08 03:44 - 00000000 ____D C:\Users\admin\AppData\Local\Currency Exchange
2013-03-30 05:28 - 2010-03-08 03:44 - 00000000 ____D C:\Users\admin\AppData\Local\Basketball
2013-03-30 05:28 - 2009-06-16 01:23 - 00000000 ____D C:\Users\admin\.smplayer
2013-03-30 05:28 - 2009-06-15 00:21 - 00000000 ____D C:\Windows\pss
2013-03-30 05:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-03-30 05:14 - 2009-06-15 20:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\X-Chat 2
2013-03-30 04:30 - 2013-02-27 20:58 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 9
2013-03-30 03:53 - 2009-06-26 20:56 - 00000000 ____D C:\ProgramData\Adobe
2013-03-30 02:48 - 2013-03-30 02:48 - 00011638 ____A C:\MbrFix.htm
2013-03-30 00:54 - 2013-03-30 00:54 - 00003878 ____A C:\Users\admin\Documents\2start.txt
2013-03-30 00:45 - 2010-11-16 08:17 - 00000000 ____D C:\Program Files\Java
2013-03-28 06:18 - 2013-03-28 06:18 - 00000295 ____A C:\mbr.log
2013-03-27 00:26 - 2013-03-27 00:26 - 00000000 ____D C:\Program Files\Vodafone
2013-03-26 04:40 - 2013-03-26 04:40 - 00153928 ____A C:\Windows\Minidump\Mini032713-01.dmp
2013-03-26 00:50 - 2013-03-26 00:50 - 00000000 ____D C:\FRST
2013-03-25 07:36 - 2009-06-14 17:32 - 00082520 ____A C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-03-25 06:56 - 2013-03-22 00:47 - 00000000 ____D C:\Users\admin\AppData\Local\temp(16)
2013-03-25 06:47 - 2002-01-04 02:18 - 00001356 ____A C:\Users\admin\AppData\Local\d3d9caps.dat
2013-03-25 06:27 - 2010-05-12 23:59 - 00131072 ___RA C:\Windows\System32\Ikeext.etl
2013-03-22 00:06 - 2006-11-02 02:22 - 09453568 ____A C:\Windows\System32\config\COMPON~2.bak
2013-03-21 22:08 - 2013-03-21 22:03 - 00014918 ____A C:\Users\admin\Documents\Show-Hidden.txt
2013-03-21 22:02 - 2013-03-31 04:28 - 00386464 ____A (Bleeping Computer, LLC) C:\Users\admin\Desktop\show-hidden.exe
2013-03-21 21:36 - 2013-03-21 21:21 - 00000000 ____D C:\ProgramData\HitmanPro
2013-03-21 21:35 - 2013-03-21 21:35 - 00039956 ____A C:\Users\admin\Documents\HitmanPro_20130322_1735.log
2013-03-21 20:59 - 2013-03-21 20:59 - 00001342 ____A C:\AdwCleaner[R2].txt
2013-03-21 20:39 - 2013-03-21 20:39 - 00000313 ____A C:\AdwCleaner[S1].txt
2013-03-21 20:39 - 2013-03-21 20:38 - 00001223 ____A C:\AdwCleaner[R1].txt
2013-03-19 20:51 - 2013-03-19 20:51 - 00153928 ____A C:\Windows\Minidump\Mini032013-01.dmp
2013-03-19 20:33 - 2013-03-19 20:33 - 00015384 ____A C:\Users\admin\Documents\drivers cmd.txt
2013-03-19 04:58 - 2013-02-16 05:22 - 00000000 ____D C:\Users\admin\Desktop\mbar
2013-03-19 04:48 - 2013-03-19 04:47 - 00004484 ____A C:\Users\admin\Documents\startup.txt
2013-03-19 04:04 - 2010-05-17 00:05 - 00000105 ____A C:\Windows\System32\_WKERNEL.SYL
2013-03-19 02:32 - 2009-07-09 23:55 - 00000000 ____D C:\Program Files\CDBurnerXP
2013-03-18 22:58 - 2013-03-18 22:58 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-03-18 22:58 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\GroupPolicy
2013-03-18 19:21 - 2013-03-18 19:21 - 00000960 ____A C:\Users\Public\Desktop\xplorer2.lnk
2013-03-18 19:21 - 2013-03-18 19:21 - 00000000 ____D C:\Program Files\zabkat
2013-03-17 17:37 - 2012-11-26 01:26 - 00000000 ____D C:\Program Files\NetworkActiv Sniffer
2013-03-17 17:37 - 2009-06-15 17:54 - 00000000 ____D C:\Program Files\Opera
2013-03-17 07:35 - 2013-03-17 07:35 - 00153880 ____A C:\Windows\Minidump\Mini031813-01.dmp
2013-03-17 06:26 - 2013-04-02 19:21 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\admin\Desktop\unhide.exe
2013-03-16 21:24 - 2013-03-16 21:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-03-16 21:21 - 2013-03-16 21:21 - 00001760 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2013-03-16 21:21 - 2013-03-16 21:21 - 00000000 ____D C:\Users\admin\AppData\Roaming\SUPERAntiSpyware.com
2013-03-16 02:51 - 2009-06-14 18:07 - 00101888 ____A C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-15 05:28 - 2009-06-29 19:55 - 00000000 ____D C:\Users\admin\Documents\docs
2013-03-13 11:36 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-03-12 21:11 - 2013-03-12 21:02 - 00000000 ____D C:\Users\admin\Documents\RK_Quarantine
2013-03-12 21:06 - 2006-11-02 02:23 - 00000194 ____A C:\Windows\System32\Drivers\etc\hosts_bak_104

==================== Known DLLs ==============================

[2006-11-02 00:51] - [2006-11-02 01:46] - 0523776 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2006-11-02 00:51] - [2006-11-02 01:46] - 1314816 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2006-11-02 01:16] - [2006-11-02 01:46] - 0770048 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2006-11-02 00:46] - [2006-11-02 01:46] - 0454656 ____A (Microsoft Corporation) C:\Windows\System32\COMDLG32.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0296448 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2006-11-02 00:49] - [2006-11-02 01:46] - 0266752 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2006-11-02 01:00] - [2006-11-02 01:46] - 0152576 ____A (Microsoft Corporation) C:\Windows\System32\IMAGEHLP.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0115200 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2006-11-02 00:33] - [2006-11-02 01:46] - 0874496 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0024064 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2006-11-02 00:39] - [2006-11-02 01:46] - 0805888 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2006-11-02 00:30] - [2006-11-02 01:46] - 0681472 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2006-11-02 00:33] - [2006-11-02 00:33] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2006-11-02 00:57] - [2006-11-02 01:46] - 0010240 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2012-02-17 17:38] - [2012-02-17 17:38] - 0558080 ____A (Microsoft Corporation) C:\Windows\System32\OLEAUT32.dll
[2006-11-02 00:51] - [2006-11-02 01:46] - 0789504 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2012-02-17 17:39] - [2012-02-17 17:39] - 1585664 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 11314688 ____A (Microsoft Corporation) C:\Windows\System32\SHELL32.dll
[2006-11-02 00:46] - [2006-11-02 01:46] - 0339968 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 1149952 ____A (Microsoft Corporation) C:\Windows\System32\URLMON.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0633856 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0502784 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 0822272 ____A (Microsoft Corporation) C:\Windows\System32\WININET.dll
[2006-11-02 00:46] - [2006-11-02 01:46] - 0288768 ____A (Microsoft Corporation) C:\Windows\System32\WLDAP32.dll
[2006-11-02 00:58] - [2006-11-02 01:46] - 0178688 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-11-02 00:47] - [2006-11-02 01:45] - 2923520 ____A (Microsoft Corporation) FD8C53FB002217F6F888BCF6F5D7084D

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 00:52] - [2006-11-02 01:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-30 00:44:54
Restore point made on: 2013-03-30 04:01:55
Restore point made on: 2013-03-30 05:16:55
Restore point made on: 2013-03-30 07:44:32
Restore point made on: 2013-04-01 06:01:30
Restore point made on: 2013-04-02 03:58:42
Restore point made on: 2013-04-02 18:22:10

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 1534.94 MB
Available physical RAM: 1156.23 MB
Total Pagefile: 1367.64 MB
Available Pagefile: 1229.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.6 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:25.98 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (LRMCFRE_EN_DVD) (CDROM) (Total:2.49 GB) (Free:0 GB) UDF
3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 1081 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 75 GB 1024 KB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 75 GB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 999CA4E5

Partition 1:
=========
Hex: 8020210007FEFFFF0008000000E85009
Active: YES
Type: 07 (NTFS)
Size: 75 GB


Last Boot: 2013-04-08 03:23


==================== End Of Log ============================



I remember trying to boot from an xPUD 0.9.2 ISO, but it refused to boot from that; I tried it a few times, then was forced to change the boot back to the hard disk. It only boots from a Windows Vista installation disk, nothing else :(
  • 0

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, I can see it: it has attached an ADS to the main system files and is calling a service as required.

I cannot remove ADS with FRST; however, I feel the Dr Web live CD may do the job, but it is a 238Mb download.

However, I can use OTL and use that to remove any ADS that I can see, plus the service.

From the Reatogo desktop

  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved as C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Right-click the file and select Send to, then select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#7
stemoc
    Member
  • Topic Starter
  • Member
  • 19 posts
I don't have OTLPE, or do you mean OTL?

Could I know which files you think it has attached ADS to, and how do you know that it's an ADS infection?

Some other experts couldn't find anything.

Edited by stemoc, 25 April 2013 - 05:56 AM.

  • 0

#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
C:\Windows\System32\DRIVERS\usbser.sys C0488CC01A1C686B08A3D360C7F50324
C:\Windows\System32\DRIVERS\USBSTOR.SYS FDBAABF07244C60B0F4E0A6E71A107C6

The bolded parts are the ADS

As you booted from the CD, the OTL programme should be on the Reatogo desktop.
  • 0
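An added example, not code from this thread or from FRST/OTL, of how a defender can check the claim above for themselves: it enumerates NTFS alternate data streams on every driver under a directory (going beyond the two files listed) and hashes each file's primary stream so the MD5 can be compared with the values in the post. It assumes PowerShell 3.0 or later for `Get-Item -Stream`; the `Zone.Identifier` allow-list and the `*.sys` filter are my assumptions, not something the thread states.

```powershell
# Added example; not code from the thread or from FRST/OTL.
# Lists NTFS alternate data streams (ADS) under a directory and hashes each
# file's primary stream so the MD5 can be compared with a log or a clean copy.
# Assumes PowerShell 3.0 or later for Get-Item -Stream; on the Vista machine in
# the thread the closest built-in equivalent is "dir /R" in cmd.exe.

function Get-PrimaryStreamMd5 {
    param([Parameter(Mandatory)][string]$Path)
    # Hash only the unnamed ':$DATA' stream, which is what the MD5s in the log refer to.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($md5.ComputeHash($fs))) -replace '-', ''
    } finally {
        $fs.Dispose()
        $md5.Dispose()
    }
}

function Find-AlternateDataStreams {
    param(
        [Parameter(Mandatory)][string]$Directory,
        [string[]]$Filter = @('*.sys'),
        # Assumption: Zone.Identifier is the stream browsers write on downloaded
        # files, so it is expected on tools saved to the Desktop; it is reported
        # but not flagged as suspicious.
        [string[]]$BenignStreams = @('Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Directory -Include $Filter -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Every NTFS file has the unnamed ':$DATA' stream; any other entry is an ADS.
            $ads = @(Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                     Where-Object { $_.Stream -ne ':$DATA' })
            if ($ads.Count -eq 0) { return }
            foreach ($s in $ads) {
                [pscustomobject]@{
                    File       = $file.FullName
                    Stream     = $s.Stream
                    Bytes      = $s.Length
                    Suspicious = ($BenignStreams -notcontains $s.Stream)
                    PrimaryMD5 = Get-PrimaryStreamMd5 -Path $file.FullName
                }
            }
        }
}

# Usage: scan the driver directory the thread is discussing, then hash the two
# files listed in the post so the values can be compared with the ones quoted there.
Find-AlternateDataStreams -Directory 'C:\Windows\System32\Drivers' |
    Sort-Object Suspicious -Descending | Format-Table -AutoSize

foreach ($f in 'C:\Windows\System32\DRIVERS\usbser.sys', 'C:\Windows\System32\DRIVERS\USBSTOR.SYS') {
    if (Test-Path -LiteralPath $f) {
        '{0}  {1}' -f (Get-PrimaryStreamMd5 -Path $f), $f
    }
}
```

A file with no output row from `Find-AlternateDataStreams` has only its primary stream; a mismatched MD5 on its own says nothing about streams, only that the primary content differs from whatever baseline you compare against.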

#9
stemoc
    Member
  • Topic Starter
  • Member
  • 19 posts
As mentioned, I do not have OTLPE (the file is too large for my data plan). I booted from the Windows Vista installation disc and ran the FRST scanner via USB. OTL crashes every time I run it, usually while scanning services. If it is infected via ADS, is there any way to fix this?
  • 0

#10
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Unfortunately the only way to kill this with certainty would be to attack it from outside of Windows.

That will require a large download of either Dr Web or OTLPE...

The other option would be a full reformat and install.
  • 0


#11
stemoc
    Member
  • Topic Starter
  • Member
  • 19 posts
I did have Dr Web and I deleted it a few times because I blame it for the virus. I still have some of its remnants in the registry which are impossible to delete due to (inherited) permissions. My PC is quite old; I tried with xPUD but my PC doesn't boot with anything but a Windows Vista installation disk, so I'm not sure how a live CD would help.
  • 0

#12
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
The Dr Web live CD does all the work from a Linux base, so Windows is not active.

Maybe a full reformat would be best.
  • 0

#13
stemoc
    Member
  • Topic Starter
  • Member
  • 19 posts
So the answer to everything is a "reformat"? I believe you in regards to the virus using ADS to control and manipulate services, but what I want to know is how to remove it, because I feel it has written itself to all major .sys files and services. Is it a virus as in, does it have a place where it hid itself and can be found and removed, or has the virus implemented itself into the system? I feel the virus has either hidden itself in or has manipulated this file

C:\Windows\System32\config\system

Yes, that controls the registry, but I can't find it in the registry, or I don't really know where to look. I see it running in the background all the time, manipulating every service that tries to search for it, and even the browser from time to time, which scares me because I'm worried it might steal my passwords. Is there any other option apart from the Dr Web live CD or any live CD (since my PC refuses to run live CDs) for that matter, or a full reformat?

Any other test I can run?

Edited by stemoc, 28 April 2013 - 09:54 PM.

  • 0

#14
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Not really; the sure-fire way to remove it is to reformat the system, as everything will then be wiped and you will start with a clean slate. I can assist in that if you wish.
  • 0

#15
stemoc
    Member
  • Topic Starter
  • Member
  • 19 posts
A few malware experts on Geeks to Go's and Bleeping Computer's IRC think you got it wrong, as those MD5s do not show an ADS infection.

Anyway, I can no longer run any tool, including GMER or DDS, as I get hit by BSODs. The recent ones were

DRIVER_CORRUPTED_EXPOOL
IRQL_NOT_LESS_OR_EQUAL
PAGE_FAULT_IN_NONPAGED_AREA
  • 0
