
Rootkit infection in SYSTEM (PID 4) [Solved]


  • This topic is locked

#16
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Yes, that is correct; I misread the MD5.

Do you have any minidump files in C:\windows\minidump? I would suggest a full reformat at this stage.
#17
stemoc
    Member
  • Topic Starter
  • 19 posts
Yes, at least 17 files. Nearly all crashes involve ntoskrnl.exe conflicting with another driver... the last one involved:

DRIVER_CORRUPTED_EXPOOL
dxgkrnl.sys
mbr.sys
ntoskrnl.exe
USBPORT.SYS

#18
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Have you recently updated any drivers? That is the usual cause of that error.

#19
stemoc
    Member
  • Topic Starter
  • 19 posts
Nope, I avoid updating because my system is old and updated drivers become a bit buggy.

Anyway, can you tell me what the hidden SYSTEM PID 4 (-) entry may be that I keep seeing in the Resource Monitor? It manipulates all my scanners, especially those that check for faked/patched system files. That way I can ask other people for help regarding this.

#20
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
I am unable to determine that from what I have seen so far. Without the ability to do an external virus scan, I am not sure that I will be able to.

#21
stemoc
    Member
  • Topic Starter
  • 19 posts
Yes, I know it's unfortunate. Yesterday I removed old versions of Java, and during the uninstallation the virus wrote well over a megabyte of data, which is the most I have seen it write. That dash is the "hidden" location of the virus, which my PC doesn't have the "permission" to see even though I'm running on an administrator account, as that hidden file has SYSTEM permission, which is more than what an administrator has. I would like to know if you have encountered similar viruses, so that I can match what I have against those to see any resemblance, and just maybe a cure.

I tried to do a security update:

Security Update for Windows (KB958644)
Posted Image

The virus took control of the update via VSSVC and one of the svchost processes and prevented me from installing it; the update dealt with a Remote Code Execution security problem.

Edited by stemoc, 02 May 2013 - 10:29 PM.


#22
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
No, I have not come across this before... I have re-read the entire thread and I would like to try something.

Download the attached Fixlist.txt to the same USB as FRST.


Run FRST as before from the Vista Recovery Console.
Press Fix.

Reboot and let me know the result.
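Before a Fixlist.txt is written, the helper reads the FRST scan output by hand. The script below is an added example (not FRST's own logic, and not code from anyone in this thread) that parses the format FRST uses for its Services and Drivers sections, as seen in the log posted later in the thread: `<start type> <name>; <image path> [<size> <yyyy-mm-dd>] (<vendor>)`, with `[x]` in place of the bracketed block when the image file is missing. The triage rules (image under a user-writable path, missing image, no publisher, boot/system-start image outside C:\Windows) are the editor's own rules of thumb for a first pass, not anything FRST reports. The sample lines are copied from the thread's log and are labelled as constructed input.

```python
"""Triage FRST 'Services' / 'Drivers' lines (added example, not FRST code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# <start> <name>; <rest>
LINE_RE = re.compile(r"^(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# <command line> [<size> <date>] (<vendor>)
FILE_RE = re.compile(
    r"^(?P<cmd>.*?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>[^)]*)\)$"
)
# first .exe/.dll/.sys token, with or without surrounding quotes; drops arguments such as "-k ..."
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|dll|sys))', re.IGNORECASE)
# path fragments a non-admin user can normally write to (heuristic, editor's assumption)
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Entry:
    start: int              # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    path: str               # image path with quotes, \??\ prefix and arguments stripped
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]   # None when the file is missing, "" when it has no publisher
    missing: bool
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one Services/Drivers line; return None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    start, name, rest = int(m.group("start")), m.group("name").strip(), m.group("rest").strip()
    if rest.endswith("[x]"):
        cmd, size, date, vendor, missing = rest[:-3].strip(), None, None, None, True
    else:
        f = FILE_RE.match(rest)
        if not f:
            return None
        cmd, size, date = f.group("cmd"), int(f.group("size")), f.group("date")
        vendor, missing = f.group("vendor").strip(), False
    if cmd.startswith("\\??\\"):          # NT object-manager style path prefix
        cmd = cmd[4:]
    e = EXE_RE.match(cmd)
    path = e.group("exe") if e else cmd.strip('"')
    return Entry(start, name, path, size, date, vendor, missing)


def triage(entry: Entry) -> Entry:
    """Attach first-pass suspicion flags to an entry (editor's heuristics)."""
    low = entry.path.lower()
    if entry.missing:
        entry.flags.append("image file missing ([x]): orphaned or deleted entry")
    if any(k in low for k in USER_WRITABLE):
        entry.flags.append("image lives in a user-writable location")
    if entry.vendor == "":
        entry.flags.append("no publisher in version info")
    if entry.start <= 1 and not low.startswith("c:\\windows\\"):
        entry.flags.append("boot/system-start image outside C:\\Windows")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Return only the entries that raised at least one flag, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


# Constructed input: lines copied from the FRST log in this thread.
SAMPLE_LOG = r"""
============== Services =========================
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22016 2006-11-02] (Microsoft Corporation)
4 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
4 PQEHM; C:\Users\admin\AppData\Local\Temp\PQEHM.exe [x]
==================== Drivers ===============================
0 ACPI; C:\Windows\System32\drivers\acpi.sys [255592 2006-11-02] (Microsoft Corporation)
0 19kzdy5e; C:\Windows\System32\Drivers\19kzdy5e.sys [35904 2013-04-30] (VirusBlokAda Ltd.)
3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-01] ()
"""

if __name__ == "__main__":
    for entry in triage_log(SAMPLE_LOG):
        print(f"{entry.name} (start={entry.start}) {entry.path}")
        for flag in entry.flags:
            print(f"    - {flag}")
```

The flags are prompts for a closer look, not verdicts: a missing image under %TEMP% is a leftover to clean up, while a boot-start driver with a random name and a recent date (the VirusBlokAda one here is a known anti-rootkit tool) is exactly the kind of entry to verify by hash before writing it into a Fixlist.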

#23
stemoc
    Member
  • Topic Starter
  • 19 posts
Someone told me SR was System Restore, so I ignored it up till now. If you can confirm it's not, I will run that test.


Anyway, a weird thing happened. I tried to run GMER because it also detected an SR service previously. This time I decided to see which files GMER reads by opening the Resource Monitor underneath it. As you can see in the pic below, GMER froze (the white box) while trying to read "\Device\Harddisk0\DR0\"; the size it was reading was 512, and since I have been trying to fight this infection for 10 weeks now, I know 512 bytes is typically the size of the MBR. It started working about 60 seconds later and warned me that it had found a rootkit infection (as usual). Thought I should post this to help you :)
Posted Image

Edited by stemoc, 03 May 2013 - 11:14 PM.

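A 512-byte read of \Device\Harddisk0\DR0 is a scanner pulling the first sector of the disk, the Master Boot Record. The script below is an added example (not GMER's code and not posted by anyone in the thread) showing what a practitioner checks in that sector: the 0x55AA boot signature at offset 510, the four 16-byte partition entries at offset 446, and a SHA-256 of the 440-byte bootstrap code compared against a known-good baseline, since an MBR bootkit works by replacing that bootstrap code. The sample sector is constructed inline; the `read_physical_mbr` helper, the `\\.\PhysicalDrive0` path and the baseline-hash workflow are the editor's assumptions about how one would run this on a live Windows box from an elevated prompt.

```python
"""Parse and sanity-check a 512-byte MBR sector (added example, not GMER code)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: bootstrap code (what a bootkit overwrites)
PART_TABLE_OFFSET = 446    # four 16-byte partition entries
SIG_OFFSET = 510           # 0x55AA boot signature


@dataclass
class Partition:
    index: int
    bootable: bool         # status byte 0x80 = active
    type_id: int           # e.g. 0x07 NTFS
    lba_start: int
    sector_count: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the partition table; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status, 3 CHS bytes (ignored), type, 3 CHS bytes (ignored), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only (disk signature and table excluded)."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, known_good_hash: Optional[str] = None) -> dict:
    """Return {'ok', 'findings', 'partitions'} for one sector."""
    findings = []
    if len(mbr) != SECTOR:
        return {"ok": False, "findings": [f"expected {SECTOR} bytes, got {len(mbr)}"], "partitions": []}
    if mbr[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    parts = parse_partitions(mbr)
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p.lba_start == 0 or p.sector_count == 0:
            findings.append(f"partition {p.index}: zero LBA start or length")
    if known_good_hash is not None and boot_code_hash(mbr) != known_good_hash:
        findings.append("boot code differs from known-good baseline")
    return {"ok": not findings, "findings": findings, "partitions": parts}


def read_physical_mbr(path: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk. Windows only, needs an elevated prompt (assumption)."""
    with open(path, "rb", buffering=0) as disk:
        return disk.read(SECTOR)


def build_sample_mbr() -> bytes:
    """Constructed clean sector: stub boot code, one active NTFS partition at LBA 2048."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_LEN, b"\x90")  # not real Windows code
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"            # 4-byte disk signature + 2 reserved
    entry0 = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    table = entry0 + b"\x00" * 48                            # three empty entries
    mbr = boot_code + disk_sig + table + b"\x55\xaa"
    assert len(mbr) == SECTOR
    return mbr


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = boot_code_hash(clean)          # in practice: recorded from a known-clean image
    tampered = bytearray(clean)
    tampered[0] ^= 0xFF                       # one byte of boot code changed
    for label, sector in (("clean", clean), ("tampered", bytes(tampered))):
        report = check_mbr(sector, baseline)
        print(label, "OK" if report["ok"] else report["findings"])
```

The important caveat is the one the thread itself runs into: reading sector 0 through the running kernel asks the very driver stack a rootkit can hook, so a clean result from inside the infected OS is weak evidence. The same check run from boot media (as Essexboy's FRST-from-recovery approach does for the file system) or on the disk attached to another machine is what actually settles whether the bootstrap code has been replaced.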

#24
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Yes, run FRST, as I do not now believe that to be System Restore.

Also, could you post the GMER log?

#25
stemoc
    Member
  • Topic Starter
  • 19 posts
I ran FRST; it did not detect it. I later ran GMER and it detected it again (sorry, no log; it froze, and when I tried to save it, it only saved the rootkit section, not the "service" section where SR is listed as "boot").

To be safe, I double-checked SR in the registry, and it is definitely a service for System Restore (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SR) set to start on BOOT (0).

I tried deleting it via GMER too.
Posted Image


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-05 02:55:28
Windows 6.0.6000 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST380215A rev.3.AAD 74.53GB
Running: 3q9c0z12.exe; Driver: C:\Users\admin\AppData\Local\Temp\agrcrpod.sys


---- Kernel code sections - GMER 2.1 ----

? C:\Windows\system32\drivers\TrueSight.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\Users\admin\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP152.SYS The system cannot find the file specified. !

---- EOF - GMER 2.1 ----



I put my PC to sleep last night and when I came back it wouldn't start; when I tried, I got those long continuous beeps. I removed all the RAM, the CMOS battery, tried the jumper, even the video card, and it wouldn't start. I banged my head against this for 3 hours before just punching the PC. It booted up, but it looks like one of my RAM sticks is now dead. Not sure if the virus can kill my RAM, but slowly my system is failing.


FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 53 days old)
Ran by SYSTEM at 05-05-2013 15:13:51
Running from E:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry ================================

HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1232896 2010-07-18] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2159104 2006-11-02] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1232896 2010-07-18] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2159104 2006-11-02] (Microsoft Corporation)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [24576 2006-11-02] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] Explorer.exe [2923520 2006-11-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.4.4 183.81.133.151
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli

============== Services =========================

3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [24576 2006-11-02] (Microsoft Corporation)
3 ALG; C:\Windows\System32\alg.exe [58880 2006-11-02] (Microsoft Corporation)
3 Appinfo; C:\Windows\System32\appinfo.dll [33280 2006-11-02] (Microsoft Corporation)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [310272 2006-11-02] (Microsoft Corporation)
2 Audiosrv; C:\Windows\System32\Audiosrv.dll [310272 2006-11-02] (Microsoft Corporation)
2 BFE; C:\Windows\System32\bfe.dll [317440 2006-11-02] (Microsoft Corporation)
3 BITS; C:\Windows\System32\qmgr.dll [750080 2010-07-18] (Microsoft Corporation)
2 Browser; C:\Windows\System32\browser.dll [81408 2006-11-02] (Microsoft Corporation)
3 CertPropSvc; C:\Windows\System32\certprop.dll [39936 2006-11-02] (Microsoft Corporation)
3 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [59392 2006-11-01] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [7168 2006-11-02] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [123392 2006-11-02] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [545792 2006-11-02] (Microsoft Corporation)
3 DFSR; C:\Windows\System32\DFSR.exe [2089984 2006-11-02] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [204800 2006-11-02] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [83968 2006-11-02] (Microsoft Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [146944 2006-11-02] (Microsoft Corporation)
2 DPS; C:\Windows\System32\dps.dll [134656 2006-11-02] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [34816 2006-11-02] (Microsoft Corporation)
4 ehRecvr; C:\Windows\ehome\ehRecvr.exe [291840 2006-11-02] (Microsoft Corporation)
4 ehSched; C:\Windows\ehome\ehsched.exe [131072 2006-11-02] (Microsoft Corporation)
4 ehstart; C:\Windows\ehome\ehstart.dll [13312 2006-11-02] (Microsoft Corporation)
3 EMDMgmt; C:\Windows\System32\emdmgmt.dll [560640 2006-11-02] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22016 2006-11-02] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [259584 2006-11-02] (Microsoft Corporation)
3 fdPHost; C:\Windows\System32\fdPHost.dll [12800 2006-11-02] (Microsoft Corporation)
2 FDResPub; C:\Windows\System32\fdrespub.dll [27648 2006-11-02] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [36864 2006-11-02] (Microsoft Corporation)
2 gpsvc; C:\Windows\System32\gpsvc.dll [569344 2006-11-02] (Microsoft Corporation)
2 hidserv; C:\Windows\System32\hidserv.dll [25600 2006-11-02] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [69120 2006-11-02] (Microsoft Corporation)
4 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
4 idsvc; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [741376 2006-11-02] (Microsoft Corporation)
2 IKEEXT; C:\Windows\System32\ikeext.dll [416768 2006-11-02] (Microsoft Corporation)
3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [74240 2006-11-02] (Microsoft Corporation)
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [177664 2006-11-02] (Microsoft Corporation)
3 KeyIso; C:\Windows\System32\lsass.exe [7680 2012-02-17] (Microsoft Corporation)
2 KtmRm; C:\Windows\System32\msdtckrm.dll [284672 2006-11-02] (Microsoft Corporation)
4 LanmanServer; C:\Windows\System32\srvsvc.dll [121344 2006-11-02] (Microsoft Corporation)
3 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [156160 2006-11-02] (Microsoft Corporation)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [188416 2006-11-02] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [18944 2006-11-02] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [51712 2006-11-02] (Microsoft Corporation)
3 MMCSS; C:\Windows\System32\mmcss.dll [45056 2006-11-02] (Microsoft Corporation)
2 MpsSvc; C:\Windows\System32\mpssvc.dll [395264 2006-11-02] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [106496 2006-11-02] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [111104 2006-11-02] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [71680 2006-11-02] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [277504 2006-11-02] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [7680 2012-02-17] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [273920 2006-11-02] (Microsoft Corporation)
3 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator [122880 2006-11-02] (Microsoft Corporation)
3 NetPipeActivator; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [122880 2006-11-02] (Microsoft Corporation)
2 netprofm; C:\Windows\System32\netprofm.dll [235520 2006-11-02] (Microsoft Corporation)
3 NetTcpActivator; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [122880 2006-11-02] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [122880 2006-11-02] (Microsoft Corporation)
3 NlaSvc; C:\Windows\System32\nlasvc.dll [171520 2006-11-02] (Microsoft Corporation)
3 nsi; C:\Windows\System32\nsisvc.dll [18432 2006-11-02] (Microsoft Corporation)
2 nvsvc; C:\Windows\System32\nvvsvc.exe [129640 2010-04-02] (NVIDIA Corporation)
3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441136 2006-10-25] (Microsoft Corporation)
3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-25] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\p2psvc.dll [656384 2006-11-02] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [656384 2006-11-02] (Microsoft Corporation)
2 PcaSvc; C:\Windows\System32\pcasvc.dll [37888 2006-11-02] (Microsoft Corporation)
3 pla; C:\Windows\System32\pla.dll [1499136 2006-11-02] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [221696 2012-02-17] (Microsoft Corporation)
3 PNRPAutoReg; C:\Windows\System32\p2psvc.dll [656384 2006-11-02] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\p2psvc.dll [656384 2006-11-02] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [361984 2006-11-02] (Microsoft Corporation)
2 ProfSvc; C:\Windows\System32\profsvc.dll [152576 2006-11-02] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [7680 2012-02-17] (Microsoft Corporation)
3 QWAVE; C:\Windows\system32\qwave.dll [242176 2006-11-02] (Microsoft Corporation)
4 RasAuto; C:\Windows\System32\rasauto.dll [90624 2006-11-02] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [234496 2006-11-02] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [65536 2006-11-02] (Microsoft Corporation)
4 RemoteRegistry; C:\Windows\System32\regsvc.dll [105984 2006-11-02] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [7680 2006-11-02] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [545792 2006-11-02] (Microsoft Corporation)
1 SamSs; C:\Windows\System32\lsass.exe [7680 2012-02-17] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [95232 2006-11-02] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [595456 2012-02-17] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [39936 2006-11-02] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [102912 2006-11-02] (Microsoft Corporation)
2 seclogon; C:\Windows\system32\seclogon.dll [19968 2006-11-02] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [47104 2006-11-02] (Microsoft Corporation)
3 SessionEnv; C:\Windows\System32\sessenv.dll [92160 2006-11-02] (Microsoft Corporation)
2 SharedAccess; C:\Windows\System32\ipnathlp.dll [286720 2006-11-02] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [245248 2006-11-02] (Microsoft Corporation)
2 simptcp; C:\Windows\System32\tcpsvcs.exe [9728 2006-11-02] (Microsoft Corporation)
2 slsvc; C:\Windows\System32\SLsvc.exe [2592256 2006-11-02] (Microsoft Corporation)
3 SLUINotify; C:\Windows\System32\SLUINotify.dll [57344 2006-11-02] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2006-11-02] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [124928 2006-11-02] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [155136 2006-11-02] (Microsoft Corporation)
2 stisvc; C:\Windows\System32\wiaservc.dll [451584 2006-11-02] (Microsoft Corporation)
3 swprv; C:\Windows\System32\swprv.dll [292864 2006-11-02] (Microsoft Corporation)
2 SysMain; C:\Windows\System32\sysmain.dll [540672 2006-11-02] (Microsoft Corporation)
4 TabletInputService; C:\Windows\System32\TabSvc.dll [68096 2006-11-02] (Microsoft Corporation)
2 TapiSrv; C:\Windows\System32\tapisrv.dll [242688 2006-11-02] (Microsoft Corporation)
3 TBS; C:\Windows\System32\tbssvc.dll [54784 2006-11-02] (Microsoft Corporation)
2 TermService; C:\Windows\System32\termsrv.dll [427520 2006-11-02] (Microsoft Corporation)
2 Themes; C:\Windows\System32\shsvcs.dll [245248 2006-11-02] (Microsoft Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [45056 2006-11-02] (Microsoft Corporation)
3 TrkWks; C:\Windows\System32\trkwks.dll [75264 2006-11-02] (Microsoft Corporation)
3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [27136 2012-02-17] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [35840 2006-11-02] (Microsoft Corporation)
2 upnphost; C:\Windows\System32\upnphost.dll [259072 2006-11-02] (Microsoft Corporation)
2 UxSms; C:\Windows\System32\uxsms.dll [28672 2006-11-02] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [392704 2006-11-02] (Microsoft Corporation)
4 VMCService; "C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe" [9216 2009-09-17] (Vodafone)
3 VSS; C:\Windows\System32\vssvc.exe [924160 2006-11-02] (Microsoft Corporation)
2 W32Time; C:\Windows\System32\w32time.dll [270848 2006-11-02] (Microsoft Corporation)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [322560 2011-04-02] (Microsoft Corporation)
3 WAS; C:\Windows\system32\inetsrv\iisw3adm.dll [322560 2011-04-02] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [249344 2006-11-02] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [32256 2006-11-02] (Microsoft Corporation)
2 WdiServiceHost; C:\Windows\System32\wdi.dll [74240 2006-11-02] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [74240 2006-11-02] (Microsoft Corporation)
4 WebClient; C:\Windows\System32\webclnt.dll [194048 2006-11-02] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [152576 2006-11-02] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [63488 2006-11-02] (Microsoft Corporation)
3 WerSvc; C:\Windows\System32\WerSvc.dll [127488 2006-11-02] (Microsoft Corporation)
3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [263272 2006-11-02] (Microsoft Corporation)
3 WinHttpAutoProxySvc; winhttp.dll [376832 2006-11-02] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [161280 2006-11-02] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [450048 2006-11-02] (Microsoft Corporation)
4 Wlansvc; C:\Windows\System32\wlansvc.dll [502784 2006-11-02] (Microsoft Corporation)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [137216 2006-11-02] (Microsoft Corporation)
4 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [895488 2006-11-02] (Microsoft Corporation)
4 WPCSvc; C:\Windows\System32\wpcsvc.dll [141824 2006-11-02] (Microsoft Corporation)
2 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [70144 2006-11-02] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [52224 2006-11-02] (Microsoft Corporation)
4 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [287744 2006-11-02] (Microsoft Corporation)
3 wuauserv; C:\Windows\System32\wuaueng.dll [1929952 2010-07-18] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [55296 2006-11-02] (Microsoft Corporation)
4 PQEHM; C:\Users\admin\AppData\Local\Temp\PQEHM.exe [x]

==================== Drivers ===============================

0 19kzdy5e; C:\Windows\System32\Drivers\19kzdy5e.sys [35904 2013-04-30] (VirusBlokAda Ltd.)
3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-01] (Intel Corporation)
0 ACPI; C:\Windows\System32\drivers\acpi.sys [255592 2006-11-02] (Microsoft Corporation)
4 adp94xx; C:\Windows\system32\drivers\adp94xx.sys [420968 2006-11-02] (Adaptec, Inc.)
4 adpahci; C:\Windows\system32\drivers\adpahci.sys [297576 2006-11-02] (Adaptec, Inc.)
4 adpu160m; C:\Windows\system32\drivers\adpu160m.sys [98408 2006-11-02] (Adaptec, Inc.)
4 adpu320; C:\Windows\system32\drivers\adpu320.sys [147048 2006-11-02] (Adaptec, Inc.)
1 AFD; C:\Windows\system32\drivers\afd.sys [270336 2006-11-02] (Microsoft Corporation)
0 agp440; C:\Windows\System32\DRIVERS\agp440.sys [53864 2006-11-02] (Microsoft Corporation)
4 aic78xx; C:\Windows\system32\drivers\djsvs.sys [71272 2006-11-02] (Adaptec, Inc.)
4 aliide; C:\Windows\system32\drivers\aliide.sys [14952 2006-11-02] (Acer Laboratories Inc.)
3 amdagp; C:\Windows\system32\drivers\amdagp.sys [54888 2006-11-02] (Microsoft Corporation)
4 amdide; C:\Windows\system32\drivers\amdide.sys [15464 2006-11-02] (Microsoft Corporation)
4 AmdK7; C:\Windows\system32\drivers\amdk7.sys [38912 2006-11-02] (Microsoft Corporation)
4 AmdK8; C:\Windows\system32\drivers\amdk8.sys [40960 2006-11-02] (Microsoft Corporation)
3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [108104 2010-12-01] (SlySoft, Inc.)
4 arc; C:\Windows\system32\drivers\arc.sys [67688 2006-11-02] (Adaptec, Inc.)
4 arcsas; C:\Windows\system32\drivers\arcsas.sys [67688 2006-11-02] (Adaptec, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17408 2006-11-02] (Microsoft Corporation)
0 atapi; C:\Windows\System32\drivers\atapi.sys [19048 2006-11-02] (Microsoft Corporation)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [6144 2006-11-02] (Microsoft Corporation)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2006-11-02] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [13568 2006-11-02] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\system32\drivers\brfiltup.sys [5248 2006-11-02] (Brother Industries, Ltd.)
4 Brserid; C:\Windows\system32\drivers\brserid.sys [71808 2006-11-02] (Brother Industries Ltd.)
4 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [62336 2006-11-02] (Brother Industries Ltd.)
4 BrUsbMdm; C:\Windows\system32\drivers\brusbmdm.sys [12160 2006-11-02] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\system32\drivers\brusbser.sys [11904 2006-11-02] (Brother Industries Ltd.)
4 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [39936 2006-11-02] (Microsoft Corporation)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70144 2006-11-02] (Microsoft Corporation)
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [67072 2006-11-02] (Microsoft Corporation)
4 circlass; C:\Windows\system32\drivers\circlass.sys [35328 2006-11-02] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [224824 2012-02-17] (Microsoft Corporation)
4 cmdide; C:\Windows\system32\drivers\cmdide.sys [16488 2006-11-02] (CMD Technology, Inc.)
4 Compbatt; C:\Windows\system32\drivers\compbatt.sys [18280 2006-11-02] (Microsoft Corporation)
3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-01] ()
0 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [22632 2006-11-02] (Microsoft Corporation)
4 Crusoe; C:\Windows\system32\drivers\crusoe.sys [38912 2006-11-02] (Microsoft Corporation)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [74752 2006-11-02] (Microsoft Corporation)
0 disk; C:\Windows\System32\drivers\disk.sys [52840 2006-11-02] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2006-11-02] (Microsoft Corporation)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [617472 2006-11-02] (Microsoft Corporation)
3 E100B; C:\Windows\System32\DRIVERS\e100b325.sys [163328 2006-11-01] (Intel Corporation)
3 E1G60; C:\Windows\System32\DRIVERS\E1G60I32.sys [117760 2006-11-01] (Intel Corporation)
0 Ecache; C:\Windows\System32\drivers\ecache.sys [132200 2006-11-02] (Microsoft Corporation)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
4 elxstor; C:\Windows\system32\drivers\elxstor.sys [316520 2006-11-02] (Emulex)
3 ERmvrDrv; \??\C:\Windows\system32\drivers\ERKRmvrDrv.sys [31424 2013-04-06] ()
3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [112128 2009-07-22] (Huawei Technologies Co., Ltd.)
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [142336 2006-11-02] (Microsoft Corporation)
3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [25088 2006-11-02] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [56424 2006-11-02] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [27648 2006-11-02] (Microsoft Corporation)
3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [20480 2006-11-02] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [183912 2006-11-02] (Microsoft Corporation)
1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [12800 2006-11-02] (Microsoft Corporation)
3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [58984 2006-11-02] (Microsoft Corporation)
3 GVCplDrv; C:\Windows\System32\Drivers\GVCplDrv.sys [23040 2004-05-02] ()
4 HDAudBus; C:\Windows\system32\drivers\hdaudbus.sys [53248 2006-11-01] (Microsoft Corporation)
4 HidBth; C:\Windows\system32\drivers\hidbth.sys [29184 2006-11-02] (Microsoft Corporation)
4 HidIr; C:\Windows\system32\drivers\hidir.sys [21504 2006-11-02] (Microsoft Corporation)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [12288 2006-11-02] (Microsoft Corporation)
4 HpCISSs; C:\Windows\system32\drivers\hpcisss.sys [37480 2006-11-02] (Hewlett-Packard Company)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [396800 2011-04-02] (Microsoft Corporation)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [102912 2009-07-22] (Huawei Technologies Co., Ltd.)
3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [100736 2009-07-22] (Huawei Technologies Co., Ltd.)
4 i2omp; C:\Windows\system32\drivers\i2omp.sys [27752 2006-11-02] (Microsoft Corporation)
1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [54784 2012-02-17] (Microsoft Corporation)
4 iaStorV; C:\Windows\system32\drivers\iastorv.sys [232040 2006-11-02] (Intel Corporation)
4 iirsp; C:\Windows\system32\drivers\iirsp.sys [41576 2006-11-02] (Intel Corp./ICP vortex GmbH)
0 intelide; C:\Windows\System32\drivers\intelide.sys [14952 2006-11-02] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [39424 2006-11-02] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [47104 2006-11-02] (Microsoft Corporation)
4 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [65536 2006-11-02] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\DRIVERS\ipnat.sys [99840 2006-11-02] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13312 2006-11-02] (Microsoft Corporation)
4 isapnp; C:\Windows\system32\drivers\isapnp.sys [47208 2006-11-02] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [168552 2006-11-02] (Microsoft Corporation)
4 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
1 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [35384 2012-02-17] (Microsoft Corporation)
1 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [15872 2012-02-17] (Microsoft Corporation)
3 KeyMaestro; \??\C:\Windows\System32\Drivers\Maestro0.sys [34016 2000-08-07] (Vireo Software)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [408136 2012-02-17] (Microsoft Corporation)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [47104 2006-11-02] (Microsoft Corporation)
4 LSI_FC; C:\Windows\system32\drivers\lsi_fc.sys [65640 2006-11-02] (LSI Logic)
4 LSI_SAS; C:\Windows\system32\drivers\lsi_sas.sys [65640 2006-11-02] (LSI Logic)
4 LSI_SCSI; C:\Windows\system32\drivers\lsi_scsi.sys [65640 2006-11-02] (LSI Logic)
2 luafv; C:\Windows\system32\drivers\luafv.sys [83456 2006-11-02] (Microsoft Corporation)
3 massfilter; C:\Windows\System32\DRIVERS\massfilter.sys [9216 2010-04-18] (MBB Incorporated)
4 megasas; C:\Windows\system32\drivers\megasas.sys [28776 2006-11-02] (LSI Logic Corporation)
3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2006-11-02] (Microsoft Corporation)
3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [18432 2006-11-02] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [41984 2006-11-02] (Microsoft Corporation)
1 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [34360 2012-02-17] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [15872 2012-02-17] (Microsoft Corporation)
0 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [54888 2006-11-02] (Microsoft Corporation)
4 mpio; C:\Windows\system32\drivers\mpio.sys [78952 2006-11-02] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [63488 2006-11-02] (Microsoft Corporation)
4 Mraid35x; C:\Windows\system32\drivers\mraid35x.sys [33384 2006-11-02] (LSI Logic Corporation)
3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [109568 2006-11-02] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [101888 2006-11-02] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [211456 2006-11-02] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [57856 2006-11-02] (Microsoft Corporation)
4 msahci; C:\Windows\system32\drivers\msahci.sys [23144 2006-11-02] (Microsoft Corporation)
4 msdsm; C:\Windows\system32\drivers\msdsm.sys [80488 2006-11-02] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [22528 2006-11-02] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13928 2006-11-02] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8192 2006-11-02] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2006-11-02] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2006-11-02] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [160872 2006-11-02] (Microsoft Corporation)
3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [28776 2006-11-02] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6016 2006-11-02] (Microsoft Corporation)
0 Mup; C:\Windows\System32\Drivers\mup.sys [46696 2006-11-02] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [154112 2006-11-02] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [500840 2006-11-02] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20480 2006-11-02] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [16896 2006-11-02] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2006-11-02] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [48640 2006-11-02] (Microsoft Corporation)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [35840 2006-11-02] (Microsoft Corporation)
1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [184320 2006-11-02] (Microsoft Corporation)
2 NetProbe; C:\Windows\System32\DRIVERS\netprobe.sys [5365 2009-03-23] ()
4 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [45160 2006-11-02] (IBM Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [34816 2006-11-02] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16384 2006-11-02] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1056360 2006-11-02] (Microsoft Corporation)
4 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-01] (N-trig Innovative Technologies)
1 Null; C:\Windows\System32\Drivers\Null.sys [4608 2006-11-02] (Microsoft Corporation)
3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [11573800 2010-04-03] (NVIDIA Corporation)
4 nvraid; C:\Windows\system32\drivers\nvraid.sys [88680 2006-11-02] (NVIDIA Corporation)
4 nvstor; C:\Windows\system32\drivers\nvstor.sys [40040 2006-11-02] (NVIDIA Corporation)
3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [106600 2006-11-02] (Microsoft Corporation)
4 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62080 2006-11-02] (Microsoft Corporation)
3 Parport; C:\Windows\System32\DRIVERS\parport.sys [79360 2006-11-02] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [49256 2006-11-02] (Microsoft Corporation)
2 Parvdm; C:\Windows\System32\DRIVERS\parvdm.sys [8704 2006-11-02] (Microsoft Corporation)
0 pci; C:\Windows\System32\drivers\pci.sys [140392 2006-11-02] (Microsoft Corporation)
4 pciide; C:\Windows\system32\drivers\pciide.sys [13416 2006-11-02] (Microsoft Corporation)
4 pcmcia; C:\Windows\system32\drivers\pcmcia.sys [167528 2006-11-02] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [878080 2006-11-02] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [61440 2006-11-02] (Microsoft Corporation)
4 Processor; C:\Windows\system32\drivers\processr.sys [38400 2006-11-02] (Microsoft Corporation)
3 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.SYS [64392 2013-05-03] (Sysinternals - www.sysinternals.com)
1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [70144 2006-11-02] (Microsoft Corporation)
3 PSSDK42; \??\C:\Windows\system32\Drivers\pssdk42.sys [38976 2009-10-09] (microOLAP Technologies LTD)
3 PSSDKLBF; \??\C:\Windows\system32\Drivers\pssdklbf.sys [53312 2009-10-09] (microOLAP Technologies LTD)
4 ql2300; C:\Windows\system32\drivers\ql2300.sys [900712 2006-11-02] (QLogic Corporation)
4 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [106088 2006-11-02] (QLogic Corporation)
3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31232 2006-11-02] (Microsoft Corporation)
1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2006-11-02] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [75776 2006-11-02] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [41472 2006-11-02] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [222208 2006-11-02] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6144 2006-11-02] (Microsoft Corporation)
4 rdpdr; C:\Windows\system32\drivers\rdpdr.sys [242688 2006-11-02] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6144 2006-11-02] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [160256 2006-11-02] (Microsoft Corporation)
3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [22784 2008-04-15] (Research In Motion Limited)
3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [8192 2006-11-02] (Microsoft Corporation)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60416 2006-11-02] (Microsoft Corporation)
3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [62976 2008-12-01] (Realtek Semiconductor Corp.)
3 s616bus; C:\Windows\System32\DRIVERS\s616bus.sys [83208 2007-04-03] (MCCI Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-05-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
4 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [76392 2006-11-02] (Microsoft Corporation)
3 SDTHelper; \??\C:\Users\admin\Desktop\Extraz\radix\sdthlpr.sys [14937 2010-09-05] ()
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [20480 2006-11-01] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2006-11-02] (Microsoft Corporation)
1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2006-11-02] (Microsoft Corporation)
4 sermouse; C:\Windows\system32\drivers\sermouse.sys [19968 2012-02-17] (Microsoft Corporation)
4 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [13312 2006-11-02] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12800 2006-11-02] (Microsoft Corporation)
3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2006-11-02] (Microsoft Corporation)
4 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [13312 2006-11-02] (Microsoft Corporation)
3 sisagp; C:\Windows\system32\drivers\sisagp.sys [53352 2006-11-02] (Microsoft Corporation)
4 SiSRaid2; C:\Windows\system32\drivers\sisraid2.sys [38504 2006-11-02] (Silicon Integrated Systems Corp.)
4 SiSRaid4; C:\Windows\system32\drivers\sisraid4.sys [71784 2006-11-02] (Silicon Integrated Systems)
1 Smb; C:\Windows\System32\DRIVERS\smb.sys [66048 2006-11-02] (Microsoft Corporation)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [18536 2006-11-02] (Microsoft Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [290304 2006-11-02] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [129536 2006-11-02] (Microsoft Corporation)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [85504 2006-11-02] (Microsoft Corporation)
3 STAC97; C:\Windows\System32\drivers\STAC97.sys [123984 2002-02-25] (SigmaTel, Inc.)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12776 2006-11-02] (Microsoft Corporation)
4 Symc8xx; C:\Windows\system32\drivers\symc8xx.sys [35944 2006-11-02] (LSI Logic)
4 Sym_hi; C:\Windows\system32\drivers\sym_hi.sys [31848 2006-11-02] (LSI Logic)
4 Sym_u3; C:\Windows\system32\drivers\sym_u3.sys [34920 2006-11-02] (LSI Logic)
1 Tcpip; C:\Windows\System32\drivers\tcpip.sys [802816 2006-11-02] (Microsoft Corporation)
3 Tcpip6; C:\Windows\System32\DRIVERS\tcpip.sys [802816 2006-11-02] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [27648 2006-11-02] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2006-11-02] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [28672 2006-11-02] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [68096 2006-11-02] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [50792 2006-11-02] (Microsoft Corporation)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [23552 2006-11-02] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [23040 2006-11-02] (Microsoft Corporation)
3 uagp35; C:\Windows\system32\drivers\uagp35.sys [56936 2006-11-02] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [225280 2006-11-02] (Microsoft Corporation)
3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [58472 2006-11-02] (Microsoft Corporation)
4 uliahci; C:\Windows\system32\drivers\uliahci.sys [235112 2006-11-02] (ULi Electronics Inc.)
4 UlSata; C:\Windows\system32\drivers\ulsata.sys [98408 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\system32\drivers\ulsata2.sys [115816 2006-11-02] (Promise Technology, Inc.)
3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [34816 2006-11-02] (Microsoft Corporation)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [73216 2006-11-02] (Microsoft Corporation)
4 usbcir; C:\Windows\system32\drivers\usbcir.sys [68608 2006-11-02] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [38400 2006-11-02] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [191488 2006-11-02] (Microsoft Corporation)
4 usbohci; C:\Windows\system32\drivers\usbohci.sys [19456 2006-11-02] (Microsoft Corporation)
4 usbprint; C:\Windows\system32\drivers\usbprint.sys [18944 2006-11-02] (Microsoft Corporation)
3 usbser; C:\Windows\System32\DRIVERS\usbser.sys [28160 2006-11-02] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [54784 2006-11-02] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [22528 2006-11-02] (Microsoft Corporation)
3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [132352 2006-11-02] (Microsoft Corporation)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2006-11-02] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2006-11-02] (Microsoft Corporation)
3 viaagp; C:\Windows\system32\drivers\viaagp.sys [54376 2006-11-02] (Microsoft Corporation)
4 ViaC7; C:\Windows\system32\drivers\viac7.sys [39424 2006-11-02] (Microsoft Corporation)
4 viaide; C:\Windows\system32\drivers\viaide.sys [17512 2006-11-02] (VIA Technologies, Inc.)
0 volmgr; C:\Windows\System32\drivers\volmgr.sys [50280 2006-11-02] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [290408 2006-11-02] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\drivers\volsnap.sys [208488 2006-11-02] (Microsoft Corporation)
4 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [112232 2006-11-02] (VIA Technologies Inc.,Ltd)
3 VSTHWBS2; C:\Windows\System32\DRIVERS\VSTBS23.SYS [251904 2006-11-01] (Conexant Systems, Inc.)
3 VST_DPV; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [987648 2006-11-01] (Conexant Systems, Inc.)
4 WacomPen; C:\Windows\system32\drivers\wacompen.sys [20608 2006-11-02] (Microsoft Corporation)
3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [61952 2006-11-02] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [61952 2006-11-02] (Microsoft Corporation)
4 Wd; C:\Windows\system32\drivers\wd.sys [19560 2006-11-02] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [495160 2012-02-17] (Microsoft Corporation)
4 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2006-11-02] (Microsoft Corporation)
1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [15872 2006-11-02] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [82560 2006-11-02] (Microsoft Corporation)
3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [105856 2010-04-18] (ZTE Incorporated)
3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [114688 2010-03-24] (ZTE Corporation)
3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [105856 2010-04-18] (ZTE Incorporated)
3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [105856 2010-04-18] (ZTE Incorporated)
3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-04-18] (ZTE Incorporated)
2 Aspi32; [x]
3 basic2; C:\Windows\System32\DRIVERS\basic2.sys [x]
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [x]
3 HSFHWBS2; C:\Windows\System32\DRIVERS\HSFHWBS2.sys [x]
3 HSF_DP; C:\Windows\System32\DRIVERS\HSF_DP.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
3 MFE_RR; \??\C:\Users\admin\AppData\Local\Temp\mfe_rr.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 Rksample; C:\Windows\System32\DRIVERS\rksample.sys [x]
0 SR; [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]
4 winachsf; C:\Windows\System32\DRIVERS\HSF_CNXT.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\Drivers\19kzdy5e.sys 04F76BC3AFF4DD42A0FF860C8E70ACC8
C:\Windows\System32\drivers\ac97intc.sys 4B56CAAFED0B0B996341D74CE0E76565
C:\Windows\System32\drivers\acpi.sys 192BDBD1540645C4A2AA69F24CCE197F
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu160m.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 90395B64600EBB4552E26E178C94B2E4
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys 0577DF1D323FE75A739C787893D300EA
C:\Windows\system32\drivers\amdk7.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AnyDVD.sys 40C279A23BD43553BFBA6E88A9B38AE2
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys 45201046C776FFDAF3FC8A0029C581C8
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Program Files\SystemRequirementsLab\cpudrv.sys D01F685F8B4598D144B0CCE9FF95D8D5
C:\Windows\System32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\crusoe.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys F032A2F91287A0B800891C7BEF9CA7A8
C:\Windows\System32\DRIVERS\e100b325.sys C0B00E55CF82D122D25983C7A6A53DEA
C:\Windows\System32\DRIVERS\E1G60I32.sys ==> MD5 is legit
C:\Windows\System32\drivers\ecache.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ElbyCDIO.sys D71233D7CCC2E64F8715A20428D5A33B
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\ERKRmvrDrv.sys B504C8B1C25C543539077D2082770F3D
C:\Windows\System32\DRIVERS\ewusbnet.sys 82E7EB9F12321052CD9A904B13724EE2
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 1ED8599E1E08BA40F2B7301F0B83583A
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\GVCplDrv.sys F22BF7F345DF95C09942951246AAA28D
C:\Windows\system32\drivers\hdaudbus.sys 5FD053F305B77EBE97F284B20D89DC1C
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\hpcisss.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ewusbmdm.sys 348C3A9D01E68A0222A246346924AA55
C:\Windows\System32\DRIVERS\ewusbfake.sys 460B1945C3E6B0419A76E1B507B90B71
C:\Windows\system32\drivers\i2omp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iastorv.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\intelide.sys 97469037714070E45194ED318D636401
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\ipmidrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteatapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\iteraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Maestro0.sys DEBA65F60FCC5B092907D14815E4F4D7
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\massfilter.sys 0B058116D3D4ECCA7DED38F16E0581B2
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\drivers\MODEMCSA.sys 7E222A1BAAA42C8559DB2CE8A12AD828
C:\Windows\System32\DRIVERS\monitor.sys EC839BA91E45CCE6EADAFC418FFF8206
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys 8D326E8B321685D4784AFA1C55169D73
C:\Windows\system32\drivers\mraid35x.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 93224014A418B72356462B8F7DE6E8C9
C:\Windows\System32\DRIVERS\mrxsmb.sys FCA7563D87F71C6DB0182CA67CC19AA7
C:\Windows\System32\DRIVERS\mrxsmb10.sys 58A9AB5754FA4CABEDE7401283B5A771
C:\Windows\System32\DRIVERS\mrxsmb20.sys 79B09504E4A790104683722CD04F76B4
C:\Windows\system32\drivers\msahci.sys 742AED7939E734C36B7E8D6228CE26B7
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys 497DE786240303EE67AB01F5690C24C2
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys 7584F1794B23B83D63CC124A8C56D103
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys 874C12E3AD1431CABC854697D302C563
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netprobe.sys 44831972666E9989B375C05F010944B2
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 3F379380A4A2637F559444E338CF1B51
C:\Windows\system32\drivers\ntrigdigi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvlddmkm.sys C8CB6135884CBC2A10225C4C3CEF0F95
C:\Windows\system32\drivers\nvraid.sys E69E946F80C1C31C53003BFBF50CBB7C
C:\Windows\system32\drivers\nvstor.sys 9E0BA19A28C498A6D323D065DB76DFFC
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys 1085D75657807E0E8B32F9E19A1647C3
C:\Windows\system32\drivers\pciide.sys 3B1901E401473E03EB8C874271E50C26
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys 6C359AC71D7B550A0D41F9DB4563CE05
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PROCMON23.SYS 0525F70EE0806F1A3D614A3A19057AA5
C:\Windows\System32\DRIVERS\pacer.sys B74EDF14453C9987E99E66535047EBEE
C:\Windows\system32\Drivers\pssdk42.sys C8EB36910D3BD582891977E80925E21E
C:\Windows\system32\Drivers\pssdklbf.sys 0BEC7B42F4093400509821C63F13F1D5
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RimUsb.sys F17713D108ACA124A139FDE877EEF68A
C:\Windows\System32\Drivers\RootMdm.sys D49D61312B273DE069584D48C81C8B1D
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTSTOR.SYS 9B09F336DE36A7A6CA871DE8A7847B65
C:\Windows\System32\DRIVERS\s616bus.sys EF4B5A8D53F15CB269469DD4E4BB0109
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS A3281AEC37E0720A2BC28034C2DF2A56
C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 61DB0D0756A99506207FD724E3692B25
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Users\admin\Desktop\Extraz\radix\sdthlpr.sys E81D58E1B9B6D1158CB1A9DA867179D7
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 2C677528B24D64D22886ECBE5CD97F20
C:\Windows\System32\DRIVERS\srv2.sys 382BAF4DCBD7648CED6C64A8A1E335B2
C:\Windows\System32\DRIVERS\srvnet.sys F8E47A77E1690D8574962B69CB22BEB3
C:\Windows\System32\drivers\STAC97.sys 298A8B2FD4DEE6058FE787364B1CE3EA
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\symc8xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_hi.sys ==> MD5 is legit
C:\Windows\system32\drivers\sym_u3.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys D944522B048A5FEB7700B5170D3D9423
C:\Windows\System32\DRIVERS\tcpip.sys D944522B048A5FEB7700B5170D3D9423
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys 52DAA1FA3B5A40D6A6627B44C60A9B78
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata.sys ==> MD5 is legit
C:\Windows\system32\drivers\ulsata2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbohci.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser.sys C0488CC01A1C686B08A3D360C7F50324
C:\Windows\System32\DRIVERS\USBSTOR.SYS FDBAABF07244C60B0F4E0A6E71A107C6
C:\Windows\System32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys 0A6B81F01BC86399482E27E6FDA7B33B
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys FD2E3175FCADA350C7AB4521DCA187EC
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 11EF6C1CAEF76B685233450A126125D6
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTBS23.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\VSTDPV3.SYS ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys 6E1A5BE9A0605F3D932FF35FBA2B22B3
C:\Windows\System32\DRIVERS\wanarp.sys 6E1A5BE9A0605F3D932FF35FBA2B22B3
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys 2A6F72D2B6A549B1FC6A6522BC204159
C:\Windows\System32\DRIVERS\ZTEusbnet.sys 453A60F8DC22FC296BC482CBF3EFF213
C:\Windows\System32\DRIVERS\ZTEusbnmea.sys 2A6F72D2B6A549B1FC6A6522BC204159
C:\Windows\System32\DRIVERS\ZTEusbser6k.sys 2A6F72D2B6A549B1FC6A6522BC204159
C:\Windows\System32\DRIVERS\ZTEusbvoice.sys 2A6F72D2B6A549B1FC6A6522BC204159

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-05 15:13 - 2013-05-05 15:13 - 00001565 ____A C:\RKreport[5]_S_05052013_02d1513.txt
2013-05-05 15:12 - 2013-05-05 15:12 - 00001813 ____A C:\RKreport[4]_S_05052013_02d1512.txt
2013-05-05 15:12 - 2013-05-05 15:12 - 00001491 ____A C:\RKreport[3]_S_05052013_02d1512.txt
2013-05-05 15:12 - 2013-05-05 15:12 - 00001454 ____A C:\RKreport[2]_S_05052013_02d1512.txt
2013-05-05 15:11 - 2013-05-05 15:11 - 00001716 ____A C:\RKreport[1]_S_05052013_02d1511.txt
2013-05-05 15:09 - 2013-05-05 15:09 - 00000000 ____D C:\RK_Quarantine
2013-05-04 17:00 - 2013-05-04 17:00 - 1877077796 ____A C:\Windows\Procmon.pmb
2013-05-04 06:55 - 2013-05-04 06:55 - 00000714 ____A C:\Users\admin\Documents\efsefse.log
2013-05-04 05:56 - 2013-05-04 05:56 - 00000512 ____A C:\Users\admin\Desktop\MBRCheck_MBR_Backup_05-05-13_01-56-39.bak
2013-05-04 05:51 - 2013-05-04 05:56 - 00011105 ____A C:\Users\admin\Desktop\MBRCheck_05.05.13_01.51.54.txt
2013-05-04 01:08 - 2013-05-04 01:08 - 00000000 ____D C:\Users\admin\Downloads\xplorer2 Ultimate 2.3.0.1 (32bit)(1-click run)(registered)
2013-05-04 01:06 - 2013-05-04 01:06 - 00000000 ____D C:\Users\admin\Downloads\xplorer2 Ultimate 2.3.0.1 (64bit)(1-click run)(registered)
2013-05-04 00:35 - 2013-05-04 00:35 - 00399124 ____A C:\Users\admin\Desktop\checkdisk.zip
2013-05-04 00:33 - 2013-05-04 00:33 - 00080384 ____A C:\Users\admin\Desktop\MBRCheck.exe
2013-05-03 19:30 - 2013-05-03 19:30 - 00347424 ____A (Microsoft Corporation) C:\Users\admin\Desktop\MicrosoftFixit.WinSecurity.Run.exe
2013-05-03 06:50 - 2013-05-03 06:50 - 00064392 ___AH (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCMON23.SYS
2013-05-02 20:46 - 2013-05-02 20:46 - 03152316 ____A C:\Users\admin\Desktop\servicez.reg
2013-05-02 20:39 - 2013-05-02 20:39 - 00017452 ____A C:\Users\admin\Desktop\confi.txt
2013-05-02 19:58 - 2013-05-02 19:58 - 00426668 ____A C:\Users\admin\Desktop\Windows6.0-KB958644-x86.msu
2013-05-02 01:57 - 2013-05-02 01:56 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-02 01:57 - 2013-05-02 01:56 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-02 01:57 - 2013-05-02 01:56 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-01 04:50 - 2013-05-01 04:51 - 00000000 ___SD C:\32788R22FWJFW
2013-04-30 21:03 - 2013-04-30 22:06 - 00000000 ____D C:\ComboFix
2013-04-30 20:04 - 2013-04-30 20:04 - 05061928 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2013-04-30 18:31 - 2013-04-30 18:48 - 00000460 ____A C:\Users\admin\Desktop\SystemLook.txt
2013-04-30 18:29 - 2013-04-30 18:29 - 00139264 ____A C:\Users\admin\Desktop\SystemLook.exe
2013-04-30 04:45 - 2013-04-30 04:45 - 00185344 ____A C:\Windows\System32\Drivers\KeDetective130.sys
2013-04-30 04:02 - 2013-04-30 04:02 - 00035904 ____A (VirusBlokAda Ltd.) C:\Windows\System32\Drivers\19kzdy5e.sys
2013-04-29 06:29 - 2013-04-29 06:29 - 00000000 ____D C:\FU_Backup
2013-04-29 05:25 - 2013-04-29 05:25 - 00153880 ____A C:\Windows\Minidump\Mini043013-01.dmp
2013-04-27 21:52 - 2013-04-27 21:52 - 00000616 ____A C:\Users\admin\Desktop\Downloads - Shortcut.lnk
2013-04-27 04:39 - 2013-04-27 04:40 - 00131072 ____A C:\Windows\Minidump\Mini042813-01.dmp
2013-04-26 21:55 - 2013-04-26 21:55 - 00153880 ____A C:\Windows\Minidump\Mini042713-01.dmp
2013-04-24 05:11 - 2013-04-24 05:12 - 00015304 ____A C:\Windows\System32\iiSetup.log
2013-04-24 04:49 - 2013-04-24 04:50 - 00001892 ____A C:\AdwCleaner[S3].txt
2013-04-24 04:40 - 2013-04-24 04:40 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-04-24 04:38 - 2013-04-24 04:49 - 00001728 ____A C:\AdwCleaner[R4].txt
2013-04-24 04:37 - 2013-04-24 04:37 - 00619461 ____A C:\Users\admin\Desktop\AdwCleaner.exe
2013-04-24 03:14 - 2013-04-24 03:19 - 00003658 ____A C:\find.txt
2013-04-24 03:07 - 2013-04-24 03:10 - 00000000 ____D C:\coreinfo
2013-04-24 00:48 - 2013-04-24 00:48 - 00153880 ____A C:\Windows\Minidump\Mini042413-01.dmp
2013-04-24 00:20 - 2013-04-24 00:20 - 00377856 ____A C:\Users\admin\Desktop\3q9c0z12.exe
2013-04-22 18:50 - 2013-04-22 21:00 - 00000000 ____D C:\Users\admin\AppData\Roaming\Process Hacker 2
2013-04-22 18:44 - 2013-04-22 18:44 - 00001793 ____A C:\Users\admin\Desktop\Process Hacker 2.lnk
2013-04-22 18:44 - 2013-04-22 18:44 - 00000000 ____D C:\Program Files\Process Hacker 2
2013-04-21 17:44 - 2013-04-01 05:48 - 00602112 ____A (OldTimer Tools) C:\Users\admin\Desktop\OTL.exe
2013-04-21 15:49 - 2013-04-21 15:49 - 00000000 ____D C:\Program Files\FileASSASSIN
2013-04-20 06:11 - 2013-04-20 06:12 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 9
2013-04-19 23:37 - 2013-04-19 23:37 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-04-19 23:33 - 2013-04-19 23:34 - 00000000 ____D C:\Users\admin\Downloads\Malwarebytes Anti-Malware 1.75.0.1300 PRO Final [ChingLiu]
2013-04-19 17:09 - 2013-04-19 17:09 - 00000000 ____D C:\Users\admin\AppData\Local\Macromedia
2013-04-19 17:01 - 2013-04-19 17:01 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-04-19 06:50 - 2013-04-19 06:50 - 00001000 ____A C:\Users\admin\Desktop\SpyDLLRemover.lnk
2013-04-19 06:50 - 2013-04-19 06:50 - 00000000 ____D C:\Program Files\SecurityXploded
2013-04-18 04:00 - 2013-04-18 04:01 - 00000000 ____A C:\Windows\System32\getservice.txt
2013-04-17 04:10 - 2013-04-17 04:10 - 00000892 ____A C:\avenger.txt
2013-04-17 03:40 - 2013-04-17 03:40 - 00153880 ____A C:\Windows\Minidump\Mini041713-01.dmp
2013-04-17 03:30 - 2013-04-17 03:30 - 00001568 ____A C:\Windows\System32\RootkitReveal.txt
2013-04-14 06:53 - 2013-04-14 06:53 - 00153880 ____A C:\Windows\Minidump\Mini041513-01.dmp
2013-04-13 00:08 - 2013-05-04 06:59 - 00000000 ____D C:\Users\admin\Desktop\SmitfraudFix
2013-04-12 23:13 - 2013-04-13 00:08 - 00000136 ____A C:\VundoFix.txt
2013-04-10 20:22 - 2013-04-10 20:24 - 00000000 ____D C:\rsit
2013-04-10 20:22 - 2013-04-10 20:23 - 00000000 ____D C:\Program Files\trend micro
2013-04-10 02:34 - 2013-04-10 02:34 - 00153880 ____A C:\Windows\Minidump\Mini041013-01.dmp
2013-04-07 03:42 - 2013-04-07 03:42 - 00000000 ____D C:\Program Files\Speccy
2013-04-06 19:44 - 2013-04-06 19:44 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-04-06 19:44 - 2013-04-06 19:44 - 00132256 ____A (trend_company_name) C:\Windows\System32\Drivers\tmrkb.sys
2013-04-06 19:37 - 2013-04-06 19:37 - 00000313 ____A C:\AdwCleaner[S2].txt
2013-04-06 19:35 - 2013-04-06 19:36 - 00001402 ____A C:\AdwCleaner[R3].txt
2013-04-06 19:19 - 2013-04-06 19:20 - 00000512 ____A C:\Users\admin\Documents\MBR.dat
2013-04-06 05:02 - 2013-04-06 05:02 - 00000504 ____A C:\RootRepeal report 04-07-13 (01-02-27).txt
2013-04-06 03:22 - 2013-05-04 00:57 - 00000000 ____D C:\Users\admin\Desktop\RK_Quarantine
2013-04-05 04:34 - 2013-04-05 04:34 - 00153880 ____A C:\Windows\Minidump\Mini040613-01.dmp
2013-04-05 03:15 - 2013-04-23 17:31 - 00816128 ____A C:\Users\admin\Desktop\RogueKiller.exe
2013-04-05 03:06 - 2013-04-05 03:06 - 00012125 ____A C:\Users\admin\Documents\IDT.log
2013-04-05 03:06 - 2013-04-05 03:06 - 00003386 ____A C:\Users\admin\Documents\GDT.log
2013-04-05 03:03 - 2013-04-05 03:03 - 00033452 ____A (Conexant Systems) C:\Users\admin\Documents\testestses

==================== One Month Modified Files and Folders ========

2013-05-05 15:13 - 2013-05-05 15:13 - 00001565 ____A C:\RKreport[5]_S_05052013_02d1513.txt
2013-05-05 15:13 - 2009-06-15 17:41 - 00000000 ___RD C:\Users\admin\Desktop\Extraz
2013-05-05 15:12 - 2013-05-05 15:12 - 00001813 ____A C:\RKreport[4]_S_05052013_02d1512.txt
2013-05-05 15:12 - 2013-05-05 15:12 - 00001491 ____A C:\RKreport[3]_S_05052013_02d1512.txt
2013-05-05 15:12 - 2013-05-05 15:12 - 00001454 ____A C:\RKreport[2]_S_05052013_02d1512.txt
2013-05-05 15:11 - 2013-05-05 15:11 - 00001716 ____A C:\RKreport[1]_S_05052013_02d1511.txt
2013-05-05 15:09 - 2013-05-05 15:09 - 00000000 ____D C:\RK_Quarantine
2013-05-04 18:43 - 2013-03-26 04:56 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2013-05-04 18:04 - 2006-11-02 04:47 - 00003552 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-04 18:04 - 2006-11-02 04:47 - 00003552 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-04 17:08 - 2006-11-02 02:33 - 01591034 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-04 17:06 - 2013-03-30 07:45 - 00002647 ____A C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk
2013-05-04 17:04 - 2012-03-17 01:09 - 00034901 ____A C:\ProgramData\nvModes.dat
2013-05-04 17:04 - 2012-03-17 01:09 - 00034901 ____A C:\ProgramData\nvModes.001
2013-05-04 17:03 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-04 17:01 - 2013-02-26 05:23 - 00022690 ____A C:\Windows\PFRO.log
2013-05-04 17:01 - 2009-07-03 20:04 - 00000000 ____D C:\Program Files\uTorrent
2013-05-04 17:00 - 2013-05-04 17:00 - 1877077796 ____A C:\Windows\Procmon.pmb
2013-05-04 06:59 - 2013-04-13 00:08 - 00000000 ____D C:\Users\admin\Desktop\SmitfraudFix
2013-05-04 06:55 - 2013-05-04 06:55 - 00000714 ____A C:\Users\admin\Documents\efsefse.log
2013-05-04 06:45 - 2009-06-15 20:38 - 00000000 ____D C:\Users\admin\AppData\Roaming\X-Chat 2
2013-05-04 06:44 - 2012-05-23 00:56 - 00478371 ____A C:\Windows\WindowsUpdate.log
2013-05-04 05:57 - 2013-03-26 00:50 - 00000000 ____D C:\FRST
2013-05-04 05:56 - 2013-05-04 05:56 - 00000512 ____A C:\Users\admin\Desktop\MBRCheck_MBR_Backup_05-05-13_01-56-39.bak
2013-05-04 05:56 - 2013-05-04 05:51 - 00011105 ____A C:\Users\admin\Desktop\MBRCheck_05.05.13_01.51.54.txt
2013-05-04 01:29 - 2009-07-03 20:04 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2013-05-04 01:08 - 2013-05-04 01:08 - 00000000 ____D C:\Users\admin\Downloads\xplorer2 Ultimate 2.3.0.1 (32bit)(1-click run)(registered)
2013-05-04 01:08 - 2010-05-06 17:43 - 00000000 ____D C:\Users\admin\Documents\Installers2
2013-05-04 01:06 - 2013-05-04 01:06 - 00000000 ____D C:\Users\admin\Downloads\xplorer2 Ultimate 2.3.0.1 (64bit)(1-click run)(registered)
2013-05-04 00:57 - 2013-04-06 03:22 - 00000000 ____D C:\Users\admin\Desktop\RK_Quarantine
2013-05-04 00:35 - 2013-05-04 00:35 - 00399124 ____A C:\Users\admin\Desktop\checkdisk.zip
2013-05-04 00:33 - 2013-05-04 00:33 - 00080384 ____A C:\Users\admin\Desktop\MBRCheck.exe
2013-05-03 19:30 - 2013-05-03 19:30 - 00347424 ____A (Microsoft Corporation) C:\Users\admin\Desktop\MicrosoftFixit.WinSecurity.Run.exe
2013-05-03 17:43 - 2009-09-16 04:51 - 00000000 ____D C:\Users\admin\AppData\Roaming\dvdcss
2013-05-03 06:50 - 2013-05-03 06:50 - 00064392 ___AH (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCMON23.SYS
2013-05-03 01:10 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\tracing
2013-05-02 20:46 - 2013-05-02 20:46 - 03152316 ____A C:\Users\admin\Desktop\servicez.reg
2013-05-02 20:44 - 2013-03-17 02:44 - 00020348 ____A C:\Users\admin\Desktop\TESTS.txt
2013-05-02 20:39 - 2013-05-02 20:39 - 00017452 ____A C:\Users\admin\Desktop\confi.txt
2013-05-02 19:58 - 2013-05-02 19:58 - 00426668 ____A C:\Users\admin\Desktop\Windows6.0-KB958644-x86.msu
2013-05-02 01:58 - 2010-11-16 08:18 - 00000000 ____D C:\Program Files\Common Files\Java
2013-05-02 01:56 - 2013-05-02 01:57 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-02 01:56 - 2013-05-02 01:57 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-02 01:56 - 2013-05-02 01:57 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-05-02 01:48 - 2010-11-16 08:17 - 00000000 ____D C:\Program Files\Java
2013-05-01 23:58 - 2009-06-14 18:07 - 00103936 ____A C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-01 05:50 - 2013-04-01 06:05 - 00181064 ____A (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-05-01 04:51 - 2013-05-01 04:50 - 00000000 ___SD C:\32788R22FWJFW
2013-04-30 22:06 - 2013-04-30 21:03 - 00000000 ____D C:\ComboFix
2013-04-30 22:05 - 2011-04-02 06:43 - 00000000 ____D C:\Qoobox
2013-04-30 21:21 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2013-04-30 20:04 - 2013-04-30 20:04 - 05061928 ____R (Swearware) C:\Users\admin\Desktop\ComboFix.exe
2013-04-30 19:49 - 2013-04-04 01:50 - 00000939 ____A C:\Users\admin\Desktop\BlueScreenView.cfg
2013-04-30 18:48 - 2013-04-30 18:31 - 00000460 ____A C:\Users\admin\Desktop\SystemLook.txt
2013-04-30 18:29 - 2013-04-30 18:29 - 00139264 ____A C:\Users\admin\Desktop\SystemLook.exe
2013-04-30 04:45 - 2013-04-30 04:45 - 00185344 ____A C:\Windows\System32\Drivers\KeDetective130.sys
2013-04-30 04:02 - 2013-04-30 04:02 - 00035904 ____A (VirusBlokAda Ltd.) C:\Windows\System32\Drivers\19kzdy5e.sys
2013-04-29 06:30 - 2009-10-04 23:22 - 00000000 ____D C:\Users\admin\AppData\Local\Xenocode
2013-04-29 06:29 - 2013-04-29 06:29 - 00000000 ____D C:\FU_Backup
2013-04-29 06:29 - 2011-11-02 16:27 - 00000000 ____D C:\Program Files\Memeo
2013-04-29 06:29 - 2009-08-20 22:05 - 00000000 ____D C:\Program Files\MySecretFolder
2013-04-29 05:25 - 2013-04-29 05:25 - 00153880 ____A C:\Windows\Minidump\Mini043013-01.dmp
2013-04-29 05:25 - 2009-06-14 21:46 - 00000000 ____D C:\Windows\Minidump
2013-04-29 05:24 - 2013-02-26 05:23 - 117159758 ____A C:\Windows\MEMORY.DMP
2013-04-27 22:03 - 2010-04-18 18:22 - 00000000 ____D C:\ProgramData\NVIDIA
2013-04-27 21:53 - 2006-11-02 05:01 - 00032570 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-27 21:52 - 2013-04-27 21:52 - 00000616 ____A C:\Users\admin\Desktop\Downloads - Shortcut.lnk
2013-04-27 17:29 - 2009-06-20 05:07 - 00000000 ____D C:\Program Files\CONEXANT
2013-04-27 17:24 - 2009-06-14 19:13 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2013-04-27 17:23 - 2010-03-08 03:44 - 00000000 ____D C:\Users\admin\AppData\Local\Daily Crossword
2013-04-27 17:23 - 2010-03-08 03:44 - 00000000 ____D C:\Users\admin\AppData\Local\Currency Exchange
2013-04-27 04:40 - 2013-04-27 04:39 - 00131072 ____A C:\Windows\Minidump\Mini042813-01.dmp
2013-04-26 21:55 - 2013-04-26 21:55 - 00153880 ____A C:\Windows\Minidump\Mini042713-01.dmp
2013-04-25 02:59 - 2009-07-26 02:48 - 00000000 ____D C:\Program Files\IrfanView
2013-04-24 05:21 - 2013-04-01 19:39 - 00000000 ____D C:\ProgramData\RegRun
2013-04-24 05:14 - 2009-10-20 17:39 - 00000000 ____D C:\Program Files\Ahead
2013-04-24 05:12 - 2013-04-24 05:11 - 00015304 ____A C:\Windows\System32\iiSetup.log
2013-04-24 05:11 - 2013-01-20 15:57 - 00000605 ____A C:\Windows\wencyc01.ini
2013-04-24 05:11 - 2013-01-20 15:57 - 00000012 ____A C:\Windows\timeline.ini
2013-04-24 05:10 - 2009-07-30 23:16 - 00000000 ____D C:\Program Files\Common Files\Real
2013-04-24 05:10 - 2009-07-30 23:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\Real
2013-04-24 05:08 - 2011-10-13 04:48 - 00000000 ____D C:\Users\admin\AppData\Roaming\Vso
2013-04-24 04:50 - 2013-04-24 04:49 - 00001892 ____A C:\AdwCleaner[S3].txt
2013-04-24 04:50 - 2009-06-15 18:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-04-24 04:49 - 2013-04-24 04:38 - 00001728 ____A C:\AdwCleaner[R4].txt
2013-04-24 04:40 - 2013-04-24 04:40 - 00000000 ____D C:\Program Files\Hosts_Anti_Adwares_PUPs
2013-04-24 04:37 - 2013-04-24 04:37 - 00619461 ____A C:\Users\admin\Desktop\AdwCleaner.exe
2013-04-24 03:19 - 2013-04-24 03:14 - 00003658 ____A C:\find.txt
2013-04-24 03:10 - 2013-04-24 03:07 - 00000000 ____D C:\coreinfo
2013-04-24 02:22 - 2013-03-19 00:48 - 00000750 ____A C:\Windows\setupact.log
2013-04-24 02:22 - 2013-03-19 00:48 - 00000274 ____A C:\Windows\setuperr.log
2013-04-24 02:22 - 2009-06-20 04:02 - 00044857 ____A C:\Windows\diagerr.xml
2013-04-24 02:22 - 2009-06-20 04:02 - 00002189 ____A C:\Windows\diagwrn.xml
2013-04-24 00:48 - 2013-04-24 00:48 - 00153880 ____A C:\Windows\Minidump\Mini042413-01.dmp
2013-04-24 00:20 - 2013-04-24 00:20 - 00377856 ____A C:\Users\admin\Desktop\3q9c0z12.exe
2013-04-23 20:19 - 2010-08-06 00:36 - 00000000 ____D C:\Program Files\DrWeb
2013-04-23 17:31 - 2013-04-05 03:15 - 00816128 ____A C:\Users\admin\Desktop\RogueKiller.exe
2013-04-22 21:00 - 2013-04-22 18:50 - 00000000 ____D C:\Users\admin\AppData\Roaming\Process Hacker 2
2013-04-22 18:44 - 2013-04-22 18:44 - 00001793 ____A C:\Users\admin\Desktop\Process Hacker 2.lnk
2013-04-22 18:44 - 2013-04-22 18:44 - 00000000 ____D C:\Program Files\Process Hacker 2
2013-04-21 18:21 - 2012-02-11 02:19 - 00196608 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2013-04-21 18:21 - 2012-02-11 02:19 - 00065536 ____A C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2013-04-21 18:21 - 2012-02-11 00:16 - 01245184 ____A C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2013-04-21 15:55 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-04-21 15:49 - 2013-04-21 15:49 - 00000000 ____D C:\Program Files\FileASSASSIN
2013-04-20 06:12 - 2013-04-20 06:11 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 9
2013-04-19 23:37 - 2013-04-19 23:37 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2013-04-19 23:34 - 2013-04-19 23:33 - 00000000 ____D C:\Users\admin\Downloads\Malwarebytes Anti-Malware 1.75.0.1300 PRO Final [ChingLiu]
2013-04-19 17:09 - 2013-04-19 17:09 - 00000000 ____D C:\Users\admin\AppData\Local\Macromedia
2013-04-19 17:06 - 2009-06-26 20:56 - 00000000 ____D C:\ProgramData\Adobe
2013-04-19 17:01 - 2013-04-19 17:01 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-04-19 17:01 - 2012-01-15 23:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-04-19 06:50 - 2013-04-19 06:50 - 00001000 ____A C:\Users\admin\Desktop\SpyDLLRemover.lnk
2013-04-19 06:50 - 2013-04-19 06:50 - 00000000 ____D C:\Program Files\SecurityXploded
2013-04-18 04:11 - 2009-06-14 17:31 - 00000000 ____D C:\users\admin
2013-04-18 04:01 - 2013-04-18 04:00 - 00000000 ____A C:\Windows\System32\getservice.txt
2013-04-17 06:17 - 2013-03-17 03:39 - 00000000 ____D C:\Users\admin\AppData\Roaming\Runscanner.net
2013-04-17 04:13 - 2013-04-02 18:49 - 00000000 ____D C:\Avenger
2013-04-17 04:10 - 2013-04-17 04:10 - 00000892 ____A C:\avenger.txt
2013-04-17 03:40 - 2013-04-17 03:40 - 00153880 ____A C:\Windows\Minidump\Mini041713-01.dmp
2013-04-17 03:30 - 2013-04-17 03:30 - 00001568 ____A C:\Windows\System32\RootkitReveal.txt
2013-04-16 04:45 - 2009-10-28 13:55 - 00000116 ____A C:\Windows\NeroDigital.ini
2013-04-16 04:31 - 2011-04-02 05:53 - 00004206 ____N C:\Win32.Worm.Downladup.Gen.log
2013-04-14 23:22 - 2010-12-04 05:09 - 00000000 ____D C:\Users\admin\Documents\Installers3
2013-04-14 06:53 - 2013-04-14 06:53 - 00153880 ____A C:\Windows\Minidump\Mini041513-01.dmp
2013-04-13 00:08 - 2013-04-12 23:13 - 00000136 ____A C:\VundoFix.txt
2013-04-11 04:28 - 2011-12-30 03:39 - 00007028 ____A C:\Users\admin\Desktop\js.txt
2013-04-10 20:24 - 2013-04-10 20:22 - 00000000 ____D C:\rsit
2013-04-10 20:23 - 2013-04-10 20:22 - 00000000 ____D C:\Program Files\trend micro
2013-04-10 03:07 - 2009-10-28 13:39 - 00000000 ____D C:\Program Files\Common Files\Nero
2013-04-10 02:38 - 2009-10-20 17:39 - 00000000 ____D C:\Program Files\Common Files\Ahead
2013-04-10 02:34 - 2013-04-10 02:34 - 00153880 ____A C:\Windows\Minidump\Mini041013-01.dmp
2013-04-07 03:42 - 2013-04-07 03:42 - 00000000 ____D C:\Program Files\Speccy
2013-04-07 03:39 - 2009-07-22 05:13 - 00000000 ____D C:\Program Files\Cain
2013-04-07 03:38 - 2011-12-18 03:50 - 00000000 ____D C:\Program Files\CACE Technologies
2013-04-06 19:44 - 2013-04-06 19:44 - 00256904 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-04-06 19:44 - 2013-04-06 19:44 - 00132256 ____A (trend_company_name) C:\Windows\System32\Drivers\tmrkb.sys
2013-04-06 19:37 - 2013-04-06 19:37 - 00000313 ____A C:\AdwCleaner[S2].txt
2013-04-06 19:36 - 2013-04-06 19:35 - 00001402 ____A C:\AdwCleaner[R3].txt
2013-04-06 19:20 - 2013-04-06 19:19 - 00000512 ____A C:\Users\admin\Documents\MBR.dat
2013-04-06 19:15 - 2013-04-03 03:44 - 00031424 ____A C:\Windows\System32\Drivers\ERKRmvrDrv.sys
2013-04-06 05:19 - 2010-10-15 02:56 - 00000000 ____D C:\Program Files\USBScan
2013-04-06 05:02 - 2013-04-06 05:02 - 00000504 ____A C:\RootRepeal report 04-07-13 (01-02-27).txt
2013-04-05 21:18 - 2006-11-02 02:23 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts_bak_815
2013-04-05 21:15 - 2006-11-02 02:22 - 36438016 ____A C:\Windows\System32\config\software.bak
2013-04-05 21:15 - 2006-11-02 02:22 - 35127296 ____A C:\Windows\System32\config\system.bak
2013-04-05 21:15 - 2006-11-02 02:22 - 09453568 ____A C:\Windows\System32\config\COMPON~3.bak
2013-04-05 21:15 - 2006-11-02 02:22 - 04718592 ____A C:\Windows\System32\config\default.bak
2013-04-05 21:15 - 2006-11-02 02:22 - 00057344 ____A C:\Windows\System32\config\sam.bak
2013-04-05 21:15 - 2006-11-02 02:22 - 00032768 ____A C:\Windows\System32\config\security.bak
2013-04-05 21:14 - 2011-04-02 06:44 - 00000000 ____D C:\Windows\ERDNT
2013-04-05 04:34 - 2013-04-05 04:34 - 00153880 ____A C:\Windows\Minidump\Mini040613-01.dmp
2013-04-05 03:06 - 2013-04-05 03:06 - 00012125 ____A C:\Users\admin\Documents\IDT.log
2013-04-05 03:06 - 2013-04-05 03:06 - 00003386 ____A C:\Users\admin\Documents\GDT.log
2013-04-05 03:03 - 2013-04-05 03:03 - 00033452 ____A (Conexant Systems) C:\Users\admin\Documents\testestses

==================== Known DLLs ==============================

[2006-11-02 00:51] - [2006-11-02 01:46] - 0523776 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2006-11-02 00:51] - [2006-11-02 01:46] - 1314816 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2006-11-02 01:16] - [2006-11-02 01:46] - 0770048 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2006-11-02 00:46] - [2006-11-02 01:46] - 0454656 ____A (Microsoft Corporation) C:\Windows\System32\COMDLG32.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0296448 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2006-11-02 00:49] - [2006-11-02 01:46] - 0266752 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2006-11-02 01:00] - [2006-11-02 01:46] - 0152576 ____A (Microsoft Corporation) C:\Windows\System32\IMAGEHLP.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0115200 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2006-11-02 00:33] - [2006-11-02 01:46] - 0874496 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0024064 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2006-11-02 00:39] - [2006-11-02 01:46] - 0805888 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2006-11-02 00:30] - [2006-11-02 01:46] - 0681472 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2006-11-02 00:33] - [2006-11-02 00:33] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2006-11-02 00:57] - [2006-11-02 01:46] - 0010240 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2012-02-17 17:38] - [2012-02-17 17:38] - 0558080 ____A (Microsoft Corporation) C:\Windows\System32\OLEAUT32.dll
[2006-11-02 00:51] - [2006-11-02 01:46] - 0789504 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2012-02-17 17:39] - [2012-02-17 17:39] - 1585664 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 11314688 ____A (Microsoft Corporation) C:\Windows\System32\SHELL32.dll
[2006-11-02 00:46] - [2006-11-02 01:46] - 0339968 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 1149952 ____A (Microsoft Corporation) C:\Windows\System32\URLMON.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0633856 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0502784 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2006-11-02 00:50] - [2006-11-02 01:46] - 0822272 ____A (Microsoft Corporation) C:\Windows\System32\WININET.dll
[2006-11-02 00:46] - [2006-11-02 01:46] - 0288768 ____A (Microsoft Corporation) C:\Windows\System32\WLDAP32.dll
[2006-11-02 00:58] - [2006-11-02 01:46] - 0178688 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-11-02 00:47] - [2006-11-02 01:45] - 2923520 ____A (Microsoft Corporation) FD8C53FB002217F6F888BCF6F5D7084D

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2006-11-02 00:38] - [2006-11-02 01:46] - 0633856 ____A (Microsoft Corporation) E698A5437B89A285ACA3FF022356810A

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2006-11-02 00:52] - [2006-11-02 01:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-24 05:05:45
Restore point made on: 2013-04-24 05:13:02
Restore point made on: 2013-04-25 21:57:56
Restore point made on: 2013-04-27 17:24:03
Restore point made on: 2013-04-27 17:26:42
Restore point made on: 2013-04-27 17:28:30
Restore point made on: 2013-04-29 23:50:21
Restore point made on: 2013-05-01 15:27:56
Restore point made on: 2013-05-02 01:44:43
Restore point made on: 2013-05-02 01:46:58
Restore point made on: 2013-05-02 01:55:27
Restore point made on: 2013-05-02 20:01:25
Restore point made on: 2013-05-03 18:37:39

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 1278.94 MB
Available physical RAM: 876.56 MB
Total Pagefile: 1119.89 MB
Available Pagefile: 946.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.6 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:74.53 GB) (Free:19.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (LRMCFRE_EN_DVD) (CDROM) (Total:2.49 GB) (Free:0 GB) UDF
3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 1081 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 75 GB 1024 KB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 75 GB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 999CA4E5

Partition 1:
=========
Hex: 8020210007FEFFFF0008000000E85009
Active: YES
Type: 07 (NTFS)
Size: 75 GB


Last Boot: 2013-05-04 17:08

==================== End Of Log ============================

Edited by stemoc, 04 May 2013 - 11:09 PM.

  • 0

#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks like we may have a backup driver for SR. I have never heard of malware breaking RAM.

Download this fixlist.txt to the same USB as FRST.


Run FRST as before and press Fix.
A log will be produced on the USB; could you post that?
  • 0

#27
stemoc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
No, 19kzdy5e.sys isn't a virus; it's the sys file for Vba32 Anti-Rootkit...

Yes, one of my RAM sticks is completely gone. When I plug it in the screen becomes very colourful and shakes continuously. Had to replace that 512 with a 256 spare I had. I assume all the random shutdowns and reboots may have killed it, or maybe the virus tried to write itself into the RAM many times to load on startup, causing it to fail.
  • 0

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can find no information on that file or the manufacturer.
  • 0

#29
stemoc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
http://www.bleepingc...32-antirootkit/
  • 0

#30
stemoc

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
This is a FULL SYSTEM LOG via a tool called XueTr.

  • 0
