numoupower
Members
Posts: 8
Reputation: 0 Neutral
Location: Canada
1. JavaRa 1.16 Removal Log.

Report follows after line.
------------------------------------
The JavaRa removal process was started on Sat Apr 05 13:56:29 2014
Found and removed: C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.7.0_17
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\MozillaPlugins
------------------------------------
Finished reporting.

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.04.05.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: GORDON-30421596 [administrator]

4/5/2014 1:59:23 PM
mbar-log-2014-04-05 (13-59-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected.
Deep Anti-Rootkit Scan engaged.
Objects scanned: 219713
Time elapsed: 20 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Sat 04/05/2014 at 14:24:03.07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\local settings\application data\asktoolbar"
Successfully deleted: [Folder] "C:\WINXP\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/05/2014 at 14:28:49.59
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.023 - Report created 05/04/2014 at 14:38:03
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - GORDON-30421596
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[x] Not Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\myfree codec

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Google Chrome v

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2704 octets] - [05/04/2014 14:32:35]
AdwCleaner[S0].txt - [2670 octets] - [05/04/2014 14:38:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2730 octets] ##########

C:\Documents and Settings\Administrator\My Documents\Downloads\ccsetup311.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Documents and Settings\Administrator\My Documents\Downloads\cdbxp_setup_4.3.7.2356.exe Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\Administrator\My Documents\Downloads\cdbxp_setup_4.3.8.2631.exe Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\Administrator\My Documents\Downloads\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Administrator (administrator) on GORDON-30421596 on 05-04-2014 16:31:04
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\WINXP\System32\smss.exe
(Microsoft Corporation) C:\WINXP\system32\csrss.exe
(Microsoft Corporation) C:\WINXP\system32\winlogon.exe
(Microsoft Corporation) C:\WINXP\system32\services.exe
(Microsoft Corporation) C:\WINXP\system32\lsass.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINXP\System32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\system32\spoolsv.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CDBurnerXP\NMSAccessU.exe
(Smart Link) C:\WINXP\system32\slserv.exe
(Microsoft Corporation) C:\WINXP\system32\svchost.exe
(Microsoft Corporation) C:\WINXP\Explorer.EXE
(Microsoft Corporation) C:\WINXP\System32\alg.exe
(Microsoft Corporation) C:\WINXP\system32\wscntfy.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINXP\system32\hkcmd.exe
(Intel Corporation) C:\WINXP\system32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(SEIKO EPSON CORPORATION) C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
() C:\Program Files\Content Manager\CmTray.exe
(Microsoft Corporation) C:\WINXP\system32\NOTEPAD.EXE
(Microsoft Corporation) C:\WINXP\System32\svchost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINXP\system32\wbem\wmiprvse.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [igfxtray] - C:\WINXP\system32\igfxtray.exe [94208 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] - C:\WINXP\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINXP\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [EPSON Stylus CX4800 Series] - C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.)
HKLM\...\Winlogon: [Userinit] C:\WINXP\system32\userinit.exe,
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
Winlogon\Notify\crypt32chain: C:\WINXP\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINXP\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINXP\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINXP\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINXP\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINXP\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINXP\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\WgaLogon: C:\WINXP\system32\WgaLogon.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-26] (Google Inc.)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [cdloader] - C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [EPSON Stylus CX4800 Series] - C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [CmTray] - C:\Program Files\Content Manager\launchCM.exe [94208 2011-12-28] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF3A86FAA785BCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINXP\system32\urlmon.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINXP\system32\wiascr.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINXP\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2014-03-11] (Adobe Systems Incorporated)
S4 Alerter; C:\WINXP\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
R3 ALG; C:\WINXP\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
S3 AppMgmt; C:\WINXP\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
S3 aspnet_state; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
R2 AudioSrv; C:\WINXP\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R2 BITS; C:\WINXP\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
R2 Browser; C:\WINXP\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S3 CiSvc; C:\WINXP\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S3 ClipSrv; C:\WINXP\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\WINXP\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R2 CryptSvc; C:\WINXP\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINXP\system32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)
R2 Dhcp; C:\WINXP\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINXP\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINXP\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINXP\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINXP\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
S3 EapHost; C:\WINXP\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
R2 ERSvc; C:\WINXP\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)
R3 EventSystem; C:\WINXP\system32\es.dll [253952 2010-09-16] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 FontCache3.0.0.0; c:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
R2 HidServ; C:\WINXP\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINXP\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
R3 HTTPFilter; C:\WINXP\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 idsvc; c:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINXP\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
S2 KMService; C:\WINXP\system32\srvany.exe [8192 2012-08-03] ()
R2 LanmanServer; C:\WINXP\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINXP\System32\wkssvc.dll [134144 2010-09-16] (Microsoft Corporation)
R2 LmHosts; C:\WINXP\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S4 Messenger; C:\WINXP\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINXP\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINXP\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINXP\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 napagent; C:\WINXP\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
S4 NetDDE; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S3 Netlogon; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINXP\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
S4 NetTcpPortSharing; c:\WINXP\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R3 Nla; C:\WINXP\System32\mswsock.dll [245248 2010-09-16] (Microsoft Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S3 NtLmSsp; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINXP\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 PlugPlay; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)
R2 PolicyAgent; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 RasAuto; C:\WINXP\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINXP\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINXP\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINXP\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINXP\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINXP\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINXP\System32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)
S3 RSVP; C:\WINXP\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation)
R2 SamSs; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 SCardSvr; C:\WINXP\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
R2 Schedule; C:\WINXP\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINXP\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
R2 SENS; C:\WINXP\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINXP\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 SLService; C:\WINXP\system32\slserv.exe [73796 2008-04-14] (Smart Link)
R2 Spooler; C:\WINXP\system32\spoolsv.exe [58880 2010-09-16] (Microsoft Corporation)
R2 srservice; C:\WINXP\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
R3 SSDPSRV; C:\WINXP\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
R2 stisvc; C:\WINXP\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINXP\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINXP\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
R3 TapiSrv; C:\WINXP\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R3 TermService; C:\WINXP\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
R2 Themes; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 TlntSvr; C:\WINXP\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
R2 TrkWks; C:\WINXP\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
R3 upnphost; C:\WINXP\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINXP\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINXP\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINXP\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
R2 WebClient; C:\WINXP\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 winmgmt; C:\WINXP\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINXP\system32\mspmsnsv.dll [27136 2010-09-16] (Microsoft Corporation)
S3 Wmi; C:\WINXP\System32\advapi32.dll [617472 2010-09-16] (Microsoft Corporation)
S3 WmiApSrv; C:\WINXP\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [756392 2013-07-20] (Microsoft Corporation)
R2 wscsvc; C:\WINXP\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINXP\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 WudfSvc; C:\WINXP\System32\WUDFSvc.dll [55808 2010-09-16] (Microsoft Corporation)
R2 WZCSVC; C:\WINXP\System32\wzcsvc.dll [483840 2010-09-16] (Microsoft Corporation)
S3 xmlprov; C:\WINXP\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 ACPI; C:\WINXP\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
S4 ACPIEC; C:\WINXP\system32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation)
S3 aec; C:\WINXP\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINXP\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
S3 AsyncMac; C:\WINXP\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation)
R0 atapi; C:\WINXP\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
S3 Atmarpc; C:\WINXP\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
R3 audstub; C:\WINXP\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 Beep; C:\WINXP\system32\Drivers\Beep.sys [4224 2008-04-14] (Microsoft Corporation)
S4 cbidf2k; C:\WINXP\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation)
S1 Cdaudio; C:\WINXP\system32\Drivers\Cdaudio.sys [18688 2010-09-16] (Microsoft Corporation)
R4 Cdfs; C:\WINXP\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)
R1 Cdrom; C:\WINXP\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation)
S3 dg_ssudbus; C:\WINXP\System32\DRIVERS\ssudbus.sys [83168 2012-09-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 Disk; C:\WINXP\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
S4 dmboot; C:\WINXP\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINXP\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINXP\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINXP\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINXP\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R3 E100B; C:\WINXP\System32\DRIVERS\e100b325.sys [154112 2004-02-10] (Intel Corporation)
S4 Fastfat; C:\WINXP\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
R3 Fdc; C:\WINXP\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation)
R1 Fips; C:\WINXP\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
R3 Flpydisk; C:\WINXP\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)
R0 FltMgr; C:\WINXP\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation)
U1 Fs_Rec; C:\WINXP\system32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation)
R0 Ftdisk; C:\WINXP\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation)
R3 GEARAspiWDM; C:\WINXP\System32\DRIVERS\GEARAspiWDM.sys [26600 2009-05-18] (GEAR Software Inc.)
R3 Gpc; C:\WINXP\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
R3 hidusb; C:\WINXP\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
R3 HTTP; C:\WINXP\System32\Drivers\HTTP.sys [265728 2010-09-16] (Microsoft Corporation)
S1 i8042prt; C:\WINXP\system32\Drivers\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)
R3 ialm; C:\WINXP\System32\DRIVERS\ialmnt5.sys [1302332 2005-09-20] (Intel Corporation)
R1 Imapi; C:\WINXP\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
R0 IntelIde; C:\WINXP\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINXP\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation)
S3 Ip6Fw; C:\WINXP\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINXP\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation)
S3 IpInIp; C:\WINXP\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
R3 IpNat; C:\WINXP\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
R1 IPSec; C:\WINXP\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
S3 IRENUM; C:\WINXP\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)
R0 isapnp; C:\WINXP\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
R1 Kbdclass; C:\WINXP\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation)
R1 kbdhid; C:\WINXP\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation)
S3 kmixer; C:\WINXP\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINXP\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
S3 libusb0; C:\WINXP\System32\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
R1 mnmdd; C:\WINXP\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation)
R3 Modem; C:\WINXP\system32\Drivers\Modem.sys [30080 2010-09-16] (Microsoft Corporation)
R3 MODEMCSA; C:\WINXP\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation)
R1 Mouclass; C:\WINXP\System32\DRIVERS\mouclass.sys [23040 2010-09-16] (Microsoft Corporation)
R3 mouhid; C:\WINXP\System32\DRIVERS\mouhid.sys [12160 2010-09-16] (Microsoft Corporation)
R0 MountMgr; C:\WINXP\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINXP\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 MRxDAV; C:\WINXP\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation)
R1 MRxSmb; C:\WINXP\System32\DRIVERS\mrxsmb.sys [457856 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINXP\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
S3 MSKSSRV; C:\WINXP\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINXP\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINXP\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINXP\System32\DRIVERS\mssmbios.sys [15488 2010-09-16] (Microsoft Corporation)
R3 Mtlmnt5; C:\WINXP\System32\DRIVERS\Mtlmnt5.sys [126686 2008-04-13] (Smart Link)
S3 Mtlstrm; C:\WINXP\System32\DRIVERS\Mtlstrm.sys [1309184 2008-04-13] (Smart Link)
R0 Mup; C:\WINXP\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINXP\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
R3 NdisTapi; C:\WINXP\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINXP\System32\DRIVERS\ndisuio.sys [14592 2010-09-16] (Microsoft Corporation)
R3 NdisWan; C:\WINXP\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)
R3 NDProxy; C:\WINXP\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINXP\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)
R1 NetBT; C:\WINXP\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)
R1 Npfs; C:\WINXP\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)
R4 Ntfs; C:\WINXP\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)
S3 NtMtlFax; C:\WINXP\System32\DRIVERS\NtMtlFax.sys [180360 2008-04-13] (Smart Link)
R1 Null; C:\WINXP\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINXP\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINXP\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation)
R3 Parport; C:\WINXP\System32\DRIVERS\parport.sys [80128 2010-09-16] (Microsoft Corporation)
R0 PartMgr; C:\WINXP\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
R2 ParVdm; C:\WINXP\system32\Drivers\ParVdm.sys [6784 2008-04-14] (Microsoft Corporation)
R0 PCI; C:\WINXP\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
R0 PCIIde; C:\WINXP\system32\Drivers\PCIIde.sys [3328 2008-04-14] (Microsoft Corporation)
S4 Pcmcia; C:\WINXP\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
R3 PptpMiniport; C:\WINXP\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)
R3 PSched; C:\WINXP\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
R3 Ptilink; C:\WINXP\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINXP\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation)
R3 Rasl2tp; C:\WINXP\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)
R3 RasPppoe; C:\WINXP\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)
R3 Raspti; C:\WINXP\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation)
R1 Rdbss; C:\WINXP\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation)
R1 RDPCDD; C:\WINXP\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation)
R3 rdpdr; C:\WINXP\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
S3 RDPWD; C:\WINXP\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R0 RecAgent; C:\WINXP\System32\DRIVERS\RecAgent.sys [13776 2008-04-13] (Smart Link)
R1 redbook; C:\WINXP\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINXP\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 senfilt; C:\WINXP\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
R3 serenum; C:\WINXP\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation)
R1 Serial; C:\WINXP\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation)
S1 Sfloppy; C:\WINXP\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
R3 Slntamr; C:\WINXP\System32\DRIVERS\slntamr.sys [404990 2008-04-13] (Smart Link)
S3 SlNtHal; C:\WINXP\System32\DRIVERS\Slnthal.sys [95424 2008-04-13] (Smart Link)
R3 SlWdmSup; C:\WINXP\System32\DRIVERS\SlWdmSup.sys [13240 2008-04-13] (Smart Link)
R3 smwdm; C:\WINXP\System32\drivers\smwdm.sys [260352 2005-01-27] (Analog Devices, Inc.)
S3 splitter; C:\WINXP\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sptd; C:\WINXP\System32\Drivers\sptd.sys [691696 2010-09-25] ()
R0 sr; C:\WINXP\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
R3 Srv; C:\WINXP\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
S3 ssudmdm; C:\WINXP\System32\DRIVERS\ssudmdm.sys [181344 2012-09-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 StarOpen; C:\WINXP\system32\Drivers\StarOpen.sys [5504 2012-06-03] ()
R3 swenum; C:\WINXP\System32\DRIVERS\swenum.sys [4352 2010-09-16] (Microsoft Corporation)
S3 swmidi; C:\WINXP\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R3 sysaudio;
C:\WINXP\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)R1 Tcpip; C:\WINXP\System32\DRIVERS\tcpip.sys [361600 2010-09-16] (Microsoft Corporation)S3 TDPIPE; C:\WINXP\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)S3 TDTCP; C:\WINXP\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)R1 TermDD; C:\WINXP\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)S4 Udfs; C:\WINXP\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)R3 Update; C:\WINXP\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)S3 USBAAPL; C:\WINXP\System32\Drivers\usbaapl.sys [43520 2012-04-25] (Apple, Inc.)S3 usbaudio; C:\WINXP\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation)R3 usbccgp; C:\WINXP\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)R3 usbehci; C:\WINXP\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)R3 usbhub; C:\WINXP\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)R3 usbprint; C:\WINXP\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)R3 usbscan; C:\WINXP\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)R3 usbstor; C:\WINXP\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)R3 usbuhci; C:\WINXP\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation)R1 VgaSave; C:\WINXP\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)R0 VolSnap; C:\WINXP\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)R3 Wanarp; C:\WINXP\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)S3 Wdf01000; C:\WINXP\System32\Drivers\wdf01000.sys [503008 2008-03-27] (Microsoft Corporation)R3 wdmaud; C:\WINXP\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)S3 WinUSB; C:\WINXP\System32\DRIVERS\WinUSB.sys [39368 2006-11-02] (Microsoft Corporation)S3 WpdUsb; 
C:\WINXP\System32\DRIVERS\wpdusb.sys [38528 2010-09-16] (Microsoft Corporation)R1 WS2IFSL; C:\WINXP\System32\drivers\ws2ifsl.sys [12032 2008-04-14] (Microsoft Corporation)R0 WudfPf; C:\WINXP\System32\DRIVERS\WudfPf.sys [77568 2010-09-16] (Microsoft Corporation)S3 WudfRd; C:\WINXP\System32\DRIVERS\wudfrd.sys [82944 2010-09-16] (Microsoft Corporation)U3 alevcdwd; C:\WINXP\system32\Drivers\alevcdwd.sys [0 ] (Microsoft Corporation)S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-05 16:28 - 2014-04-05 16:30 - 00000573 _____ () C:\Documents and Settings\Administrator\Desktop\eset2.txt2014-04-05 15:37 - 2014-04-05 15:37 - 00000220 _____ () C:\Documents and Settings\Administrator\Desktop\eset1.txt2014-04-05 14:43 - 2014-04-05 14:43 - 00000000 ____D () C:\Program Files\ESET2014-04-05 14:42 - 2014-04-05 14:43 - 02347384 _____ (ESET) C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe2014-04-05 14:32 - 2014-04-05 14:38 - 00000000 ____D () C:\AdwCleaner2014-04-05 14:31 - 2014-04-05 14:31 - 01426178 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe2014-04-05 14:28 - 2014-04-05 14:28 - 00003080 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt2014-04-05 14:21 - 2014-04-05 14:21 - 00000000 ____D () C:\WINXP\ERUNT2014-04-05 13:59 - 2014-04-05 14:20 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2014-04-05 13:58 - 2014-04-05 13:58 - 01038974 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe2014-04-05 13:57 - 2014-04-05 13:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\mbar2014-04-05 13:56 - 2014-04-05 13:56 - 00001050 _____ () C:\JavaRa.log2014-04-05 13:56 - 2014-04-05 13:56 - 00001050 _____ () C:\Documents and Settings\Administrator\Desktop\JavaRa.log2014-04-05 
13:55 - 2014-04-05 13:55 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\RemoveJava2014-04-05 13:51 - 2014-04-05 13:53 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Desktop\mbar-1.07.0.1009.exe2014-04-05 13:51 - 2014-04-05 13:51 - 00165483 _____ () C:\Documents and Settings\Administrator\Desktop\JavaRa-1.16-28-5-13.zip2014-04-04 22:57 - 2014-04-04 22:58 - 00033110 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt2014-04-04 22:55 - 2014-04-05 16:31 - 00032339 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt2014-04-04 22:54 - 2014-04-04 22:57 - 00000000 ____D () C:\FRST2014-04-04 22:49 - 2014-04-04 22:50 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe2014-04-04 22:49 - 2014-04-04 22:49 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe2014-04-01 12:53 - 2014-04-01 12:53 - 00012953 _____ () C:\ComboFix.txt2014-04-01 12:37 - 2014-04-01 12:37 - 00000000 _RSHD () C:\cmdcons2014-04-01 12:37 - 2010-09-23 20:08 - 00000207 _____ () C:\Boot.bak2014-04-01 12:37 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr2014-04-01 12:33 - 2014-04-01 12:53 - 00000000 ____D () C:\Qoobox2014-04-01 12:33 - 2014-04-01 12:52 - 00000000 ____D () C:\WINXP\erdnt2014-04-01 12:33 - 2011-06-26 03:45 - 00256000 _____ () C:\WINXP\PEV.exe2014-04-01 12:33 - 2010-11-07 14:20 - 00208896 _____ () C:\WINXP\MBR.exe2014-04-01 12:33 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\WINXP\NIRCMD.exe2014-04-01 12:33 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\WINXP\SWREG.exe2014-04-01 12:33 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\WINXP\SWSC.exe2014-04-01 12:33 - 2000-08-30 21:00 - 00212480 _____ (SteelWerX) C:\WINXP\SWXCACLS.exe2014-04-01 12:33 - 2000-08-30 21:00 - 00098816 _____ () C:\WINXP\sed.exe2014-04-01 12:33 - 2000-08-30 21:00 - 00080412 _____ () C:\WINXP\grep.exe2014-04-01 12:33 - 2000-08-30 21:00 - 00068096 _____ () 
C:\WINXP\zip.exe2014-04-01 12:32 - 2014-04-01 12:32 - 00000058 _____ () C:\Documents and Settings\Administrator\Desktop\mb1.txt2014-04-01 12:29 - 2014-04-01 12:30 - 05192353 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe2014-03-28 21:19 - 2014-03-28 21:19 - 00021526 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt2014-03-28 21:19 - 2014-03-28 21:18 - 00010815 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt2014-03-28 21:17 - 2014-04-05 14:39 - 00000234 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Logon.job2014-03-28 21:17 - 2014-04-01 12:26 - 00000228 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Monthly.job2014-03-28 19:49 - 2014-03-28 19:49 - 00014666 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.xml2014-03-28 19:49 - 2014-03-28 19:49 - 00004969 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.txt2014-03-28 18:58 - 2014-04-05 13:59 - 00107224 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\MBAMSwissArmy.sys2014-03-28 18:58 - 2014-04-05 13:57 - 00052312 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamchameleon.sys2014-03-28 18:58 - 2014-03-28 18:58 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes2014-03-28 18:58 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbam.sys2014-03-28 16:31 - 2014-03-28 16:31 - 00011467 _____ () C:\WINXP\KB2934207.log2014-03-28 16:31 - 2014-03-28 16:31 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2934207$2014-03-28 16:27 - 
2014-03-28 16:31 - 00000000 ____D () C:\WINXP\system32\MRT2014-03-28 16:10 - 2014-02-25 22:59 - 00013312 ____N (Microsoft Corporation) C:\WINXP\system32\xp_eos.exe2014-03-28 16:10 - 2014-02-25 22:59 - 00013312 ____C (Microsoft Corporation) C:\WINXP\system32\dllcache\xp_eos.exe2014-03-12 03:04 - 2014-03-12 03:04 - 00019695 _____ () C:\WINXP\KB2925418-IE8.log2014-03-12 03:03 - 2014-03-12 03:03 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2929961$2014-03-12 03:02 - 2014-03-12 03:02 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2930275$2014-03-11 22:49 - 2014-03-12 03:03 - 00024160 _____ () C:\WINXP\KB2929961.log2014-03-11 22:48 - 2014-03-12 03:02 - 00025476 _____ () C:\WINXP\KB2930275.log ==================== One Month Modified Files and Folders ======= 2014-04-05 16:31 - 2014-04-04 22:55 - 00032339 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt2014-04-05 16:30 - 2014-04-05 16:28 - 00000573 _____ () C:\Documents and Settings\Administrator\Desktop\eset2.txt2014-04-05 16:05 - 2012-04-08 13:25 - 00000826 _____ () C:\WINXP\Tasks\Adobe Flash Player Updater.job2014-04-05 15:37 - 2014-04-05 15:37 - 00000220 _____ () C:\Documents and Settings\Administrator\Desktop\eset1.txt2014-04-05 15:36 - 2011-02-08 19:27 - 00001010 _____ () C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500UA.job2014-04-05 15:34 - 2010-10-26 19:12 - 00000900 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job2014-04-05 14:49 - 2013-10-20 03:23 - 00000384 ____H () C:\WINXP\Tasks\Microsoft Antimalware Scheduled Scan.job2014-04-05 14:43 - 2014-04-05 14:43 - 00000000 ____D () C:\Program Files\ESET2014-04-05 14:43 - 2014-04-05 14:42 - 02347384 _____ (ESET) C:\Documents and Settings\Administrator\Desktop\esetsmartinstaller_enu.exe2014-04-05 14:40 - 2010-09-23 20:12 - 01982189 _____ () C:\WINXP\WindowsUpdate.log2014-04-05 14:39 - 2014-03-28 21:17 - 00000234 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Logon.job2014-04-05 14:39 - 2010-10-26 
19:12 - 00000896 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job2014-04-05 14:39 - 2010-09-23 20:18 - 00000006 ____H () C:\WINXP\Tasks\SA.DAT2014-04-05 14:39 - 2010-09-23 17:04 - 00000159 _____ () C:\WINXP\wiadebug.log2014-04-05 14:39 - 2010-09-23 17:04 - 00000048 _____ () C:\WINXP\wiaservc.log2014-04-05 14:39 - 2008-04-14 09:00 - 00002206 _____ () C:\WINXP\system32\wpa.dbl2014-04-05 14:38 - 2014-04-05 14:32 - 00000000 ____D () C:\AdwCleaner2014-04-05 14:38 - 2010-09-23 20:18 - 00032528 _____ () C:\WINXP\SchedLgU.Txt2014-04-05 14:38 - 2010-09-23 20:18 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini2014-04-05 14:31 - 2014-04-05 14:31 - 01426178 _____ () C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe2014-04-05 14:28 - 2014-04-05 14:28 - 00003080 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt2014-04-05 14:23 - 2010-09-25 13:44 - 00131072 _____ () C:\WINXP\system32\config\OAlerts.evt2014-04-05 14:21 - 2014-04-05 14:21 - 00000000 ____D () C:\WINXP\ERUNT2014-04-05 14:21 - 2010-09-23 16:55 - 00000000 ____D () C:\WINXP2014-04-05 14:20 - 2014-04-05 13:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2014-04-05 13:59 - 2014-03-28 18:58 - 00107224 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\MBAMSwissArmy.sys2014-04-05 13:58 - 2014-04-05 13:58 - 01038974 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe2014-04-05 13:57 - 2014-04-05 13:57 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\mbar2014-04-05 13:57 - 2014-03-28 18:58 - 00052312 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamchameleon.sys2014-04-05 13:56 - 2014-04-05 13:56 - 00001050 _____ () C:\JavaRa.log2014-04-05 13:56 - 2014-04-05 13:56 - 00001050 _____ () C:\Documents and Settings\Administrator\Desktop\JavaRa.log2014-04-05 13:55 - 2014-04-05 13:55 - 00000000 ____D () C:\Documents and 
Settings\Administrator\Desktop\RemoveJava2014-04-05 13:53 - 2014-04-05 13:51 - 12589848 _____ (Malwarebytes Corp.) C:\Documents and Settings\Administrator\Desktop\mbar-1.07.0.1009.exe2014-04-05 13:52 - 2010-09-23 21:38 - 00000000 ____D () C:\WINXP\system32\appmgmt2014-04-05 13:51 - 2014-04-05 13:51 - 00165483 _____ () C:\Documents and Settings\Administrator\Desktop\JavaRa-1.16-28-5-13.zip2014-04-05 12:36 - 2011-02-08 19:27 - 00000958 _____ () C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500Core.job2014-04-05 11:53 - 2011-10-20 15:44 - 01091612 _____ () C:\WINXP\KB2481109.log2014-04-04 22:58 - 2014-04-04 22:57 - 00033110 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt2014-04-04 22:57 - 2014-04-04 22:54 - 00000000 ____D () C:\FRST2014-04-04 22:50 - 2014-04-04 22:49 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe2014-04-04 22:49 - 2014-04-04 22:49 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe2014-04-02 23:50 - 2012-05-05 03:01 - 00001694 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk2014-04-02 23:50 - 2011-02-06 16:42 - 00001945 _____ () C:\WINXP\epplauncher.mif2014-04-02 23:50 - 2011-02-06 16:39 - 00000000 ____D () C:\Program Files\Microsoft Security Client2014-04-01 12:53 - 2014-04-01 12:53 - 00012953 _____ () C:\ComboFix.txt2014-04-01 12:53 - 2014-04-01 12:33 - 00000000 ____D () C:\Qoobox2014-04-01 12:52 - 2014-04-01 12:33 - 00000000 ____D () C:\WINXP\erdnt2014-04-01 12:51 - 2008-04-14 09:00 - 00000227 _____ () C:\WINXP\system.ini2014-04-01 12:37 - 2014-04-01 12:37 - 00000000 _RSHD () C:\cmdcons2014-04-01 12:37 - 2010-09-23 16:58 - 00000323 __RSH () C:\boot.ini2014-04-01 12:32 - 2014-04-01 12:32 - 00000058 _____ () C:\Documents and Settings\Administrator\Desktop\mb1.txt2014-04-01 12:30 - 2014-04-01 12:29 - 05192353 ____R (Swearware) C:\Documents and 
Settings\Administrator\Desktop\ComboFix.exe2014-04-01 12:26 - 2014-03-28 21:17 - 00000228 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Monthly.job2014-03-28 21:19 - 2014-03-28 21:19 - 00021526 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt2014-03-28 21:18 - 2014-03-28 21:19 - 00010815 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt2014-03-28 21:16 - 2004-11-08 04:01 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2646524$2014-03-28 19:52 - 2014-03-01 22:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird2014-03-28 19:49 - 2014-03-28 19:49 - 00014666 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.xml2014-03-28 19:49 - 2014-03-28 19:49 - 00004969 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.txt2014-03-28 18:58 - 2014-03-28 18:58 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes2014-03-28 16:31 - 2014-03-28 16:31 - 00011467 _____ () C:\WINXP\KB2934207.log2014-03-28 16:31 - 2014-03-28 16:31 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2934207$2014-03-28 16:31 - 2014-03-28 16:27 - 00000000 ____D () C:\WINXP\system32\MRT2014-03-28 16:31 - 2011-11-10 04:06 - 00338520 _____ () C:\WINXP\tsoc.log2014-03-28 16:31 - 2011-11-10 04:06 - 00244674 _____ () C:\WINXP\comsetup.log2014-03-28 16:31 - 2011-11-10 04:06 - 00223284 _____ () C:\WINXP\msmqinst.log2014-03-28 16:31 - 2011-11-10 04:06 - 00148977 _____ () C:\WINXP\ntdtcsetup.log2014-03-28 16:31 - 2011-11-10 04:06 - 00129960 _____ () C:\WINXP\netfxocm.log2014-03-28 16:31 - 2011-11-10 04:06 - 00051000 _____ () 
C:\WINXP\MedCtrOC.log2014-03-28 16:31 - 2011-11-10 04:06 - 00041040 _____ () C:\WINXP\ocmsn.log2014-03-28 16:31 - 2011-11-10 04:06 - 00037320 _____ () C:\WINXP\tabletoc.log2014-03-28 16:31 - 2011-11-10 04:06 - 00037080 _____ () C:\WINXP\msgsocm.log2014-03-28 16:31 - 2011-11-10 04:06 - 00001374 _____ () C:\WINXP\imsins.log2014-03-28 16:31 - 2011-11-10 04:05 - 00793000 _____ () C:\WINXP\iis6.log2014-03-28 16:31 - 2011-11-10 04:05 - 00741443 _____ () C:\WINXP\FaxSetup.log2014-03-28 16:31 - 2011-11-10 04:05 - 00423600 _____ () C:\WINXP\ocgen.log2014-03-28 16:24 - 2011-02-08 19:32 - 00002344 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk2014-03-14 08:29 - 2014-02-28 15:40 - 01871609 _____ () C:\Documents and Settings\Administrator\Desktop\MultiGenre Slideshow.pptx2014-03-13 10:01 - 2011-11-01 20:02 - 00152468 _____ () C:\WINXP\setupapi.log2014-03-13 09:53 - 2010-09-23 17:00 - 00593560 _____ () C:\WINXP\system32\PerfStringBackup.INI2014-03-12 03:20 - 2010-09-23 16:58 - 00267800 _____ () C:\WINXP\system32\FNTCACHE.DAT2014-03-12 03:04 - 2014-03-12 03:04 - 00019695 _____ () C:\WINXP\KB2925418-IE8.log2014-03-12 03:04 - 2011-11-11 04:00 - 00061679 _____ () C:\WINXP\updspapi.log2014-03-12 03:04 - 2011-11-10 04:06 - 00001374 _____ () C:\WINXP\imsins.BAK2014-03-12 03:04 - 2010-09-25 13:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help2014-03-12 03:03 - 2014-03-12 03:03 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2929961$2014-03-12 03:03 - 2014-03-11 22:49 - 00024160 _____ () C:\WINXP\KB2929961.log2014-03-12 03:02 - 2014-03-12 03:02 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2930275$2014-03-12 03:02 - 2014-03-11 22:48 - 00025476 _____ () C:\WINXP\KB2930275.log2014-03-11 23:05 - 2014-02-07 08:06 - 05128584 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerInstaller.exe2014-03-11 23:05 - 2012-04-08 13:25 - 00692616 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerApp.exe2014-03-11 23:05 
- 2011-07-18 19:20 - 00071048 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerCPLApp.cpl2014-03-07 12:51 - 2014-02-11 18:35 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\ENGLISH 621 Some content of TEMP:====================C:\Documents and Settings\Administrator\Local Settings\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\WINXP\explorer.exe[2008-04-14 09:00] - [2008-04-14 09:00] - 1033728 ____A (Microsoft Corporation) C:\WINXP\system32\winlogon.exe[2008-04-14 09:00] - [2008-04-14 09:00] - 0507904 ____A (Microsoft Corporation) C:\WINXP\system32\svchost.exe[2008-04-14 09:00] - [2008-04-14 09:00] - 0014336 ____A (Microsoft Corporation) C:\WINXP\system32\services.exe[2010-09-16 13:11] - [2010-09-16 13:11] - 0110592 ____A (Microsoft Corporation) C:\WINXP\system32\User32.dll[2008-04-14 09:00] - [2008-04-14 09:00] - 0578560 ____A (Microsoft Corporation) C:\WINXP\system32\userinit.exe[2008-04-14 09:00] - [2008-04-14 09:00] - 0026112 ____A (Microsoft Corporation) C:\WINXP\system32\rpcss.dll[2010-09-16 13:11] - [2010-09-16 13:11] - 0401408 ____A (Microsoft Corporation) ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.C:\WINXP\system32\Drivers\volsnap.sys[2008-04-14 09:00] - [2008-04-14 09:00] - 0052352 ____A (Microsoft Corporation) ==================== End Of Log ============================
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Administrator (administrator) on GORDON-30421596 on 04-04-2014 22:55:24 Running from C:\Documents and Settings\Administrator\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\WINXP\System32\smss.exe (Microsoft Corporation) C:\WINXP\system32\csrss.exe (Microsoft Corporation) C:\WINXP\system32\winlogon.exe (Microsoft Corporation) C:\WINXP\system32\services.exe (Microsoft Corporation) C:\WINXP\system32\lsass.exe (Microsoft Corporation) C:\WINXP\system32\svchost.exe (Microsoft Corporation) C:\WINXP\system32\svchost.exe (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) C:\WINXP\System32\svchost.exe (Microsoft Corporation) C:\WINXP\system32\svchost.exe (Microsoft Corporation) C:\WINXP\system32\svchost.exe (Microsoft Corporation) C:\WINXP\system32\svchost.exe (Microsoft Corporation) C:\WINXP\system32\spoolsv.exe (Microsoft Corporation) C:\WINXP\system32\svchost.exe (Microsoft Corporation) C:\WINXP\Explorer.EXE (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\WINXP\system32\svchost.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe () C:\Program Files\CDBurnerXP\NMSAccessU.exe (Smart Link) C:\WINXP\system32\slserv.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (Microsoft Corporation) C:\WINXP\system32\svchost.exe (Intel Corporation) C:\WINXP\system32\hkcmd.exe (Intel Corporation) C:\WINXP\system32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (SEIKO EPSON CORPORATION) C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (Microsoft Corporation) C:\WINXP\system32\wuauclt.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (Samsung) C:\Program Files\Samsung\Kies\Kies.exe (Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe () C:\Program Files\Content Manager\CmTray.exe (Microsoft Corporation) C:\WINXP\system32\wbem\wmiprvse.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\WINXP\System32\alg.exe (Microsoft Corporation) C:\WINXP\System32\svchost.exe (Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [soundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.) 
HKLM\...\Run: [igfxtray] - C:\WINXP\system32\igfxtray.exe [94208 2005-09-20] (Intel Corporation) HKLM\...\Run: [igfxhkcmd] - C:\WINXP\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation) HKLM\...\Run: [igfxpers] - C:\WINXP\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation) HKLM\...\Run: [EPSON Stylus CX4800 Series] - C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.) HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.) HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [310280 2012-12-20] (Samsung Electronics Co., Ltd.) 
HKLM\...\Winlogon: [userinit] C:\WINXP\system32\userinit.exe, HKLM\...\Winlogon: [shell] Explorer.exe [x ] () HKLM\...\Winlogon: [uIHost] logonui.exe [x ] () Winlogon\Notify\crypt32chain: C:\WINXP\system32\crypt32.dll (Microsoft Corporation) Winlogon\Notify\cryptnet: C:\WINXP\system32\cryptnet.dll (Microsoft Corporation) Winlogon\Notify\cscdll: C:\WINXP\system32\cscdll.dll (Microsoft Corporation) Winlogon\Notify\dimsntfy: C:\WINXP\System32\dimsntfy.dll (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\WINXP\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\ScCertProp: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation) Winlogon\Notify\Schedule: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation) Winlogon\Notify\sclgntfy: C:\WINXP\system32\sclgntfy.dll (Microsoft Corporation) Winlogon\Notify\SensLogn: C:\WINXP\system32\WlNotify.dll (Microsoft Corporation) Winlogon\Notify\termsrv: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation) Winlogon\Notify\WgaLogon: C:\WINXP\system32\WgaLogon.dll (Microsoft Corporation) Winlogon\Notify\wlballoon: C:\WINXP\system32\wlnotify.dll (Microsoft Corporation) HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [520424 2013-03-06] (Microsoft Corporation) HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-26] (Google Inc.) HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [cdloader] - C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.) 
HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [EPSON Stylus CX4800 Series] - C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5717272 2013-12-15] (SUPERAntiSpyware) HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1476104 2012-12-20] (Samsung) HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.) HKU\S-1-5-21-1085031214-1972579041-1177238915-500\...\Run: [CmTray] - C:\Program Files\Content Manager\launchCM.exe [94208 2011-12-28] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF3A86FAA785BCB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: 
Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINXP\system32\urlmon.dll (Microsoft Corporation) Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINXP\system32\wiascr.dll (Microsoft Corporation) Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINXP\system32\SHELL32.dll (Microsoft Corporation) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 
=======
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-21]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2014-03-11] (Adobe Systems Incorporated)
S4 Alerter; C:\WINXP\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation)
R3 ALG; C:\WINXP\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation)
S3 AppMgmt; C:\WINXP\System32\appmgmts.dll [167936 2008-04-14] (Microsoft Corporation)
S3 aspnet_state; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [35160 2010-03-18] (Microsoft Corporation)
R2 AudioSrv; C:\WINXP\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation)
R2 BITS; C:\WINXP\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation)
R2 Browser; C:\WINXP\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S3 CiSvc; C:\WINXP\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation)
S3 ClipSrv; C:\WINXP\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
S3 COMSysApp; C:\WINXP\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
R2 CryptSvc; C:\WINXP\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation)
R2 DcomLaunch; C:\WINXP\system32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)
R2 Dhcp; C:\WINXP\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation)
S3 dmadmin; C:\WINXP\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software)
R2 dmserver; C:\WINXP\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.)
R2 Dnscache; C:\WINXP\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINXP\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation)
S3 EapHost; C:\WINXP\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation)
R2 ERSvc; C:\WINXP\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation)
R2 Eventlog; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)
R3 EventSystem; C:\WINXP\system32\es.dll [253952 2010-09-16] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 FontCache3.0.0.0; c:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation)
R2 HidServ; C:\WINXP\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation)
S3 hkmsvc; C:\WINXP\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation)
R3 HTTPFilter; C:\WINXP\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation)
S3 idsvc; c:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINXP\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161704 2012-07-05] (Oracle Corporation)
S2 KMService; C:\WINXP\system32\srvany.exe [8192 2012-08-03] ()
R2 LanmanServer; C:\WINXP\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINXP\System32\wkssvc.dll [134144 2010-09-16] (Microsoft Corporation)
R2 LmHosts; C:\WINXP\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation)
S4 Messenger; C:\WINXP\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation)
S3 mnmsrvc; C:\WINXP\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation)
S3 MSDTC; C:\WINXP\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation)
S3 MSIServer; C:\WINXP\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 napagent; C:\WINXP\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation)
S4 NetDDE; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINXP\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation)
S3 Netlogon; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R3 Netman; C:\WINXP\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation)
S4 NetTcpPortSharing; c:\WINXP\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
R3 Nla; C:\WINXP\System32\mswsock.dll [245248 2010-09-16] (Microsoft Corporation)
R2 NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096 2010-03-04] ()
S3 NtLmSsp; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 NtmsSvc; C:\WINXP\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation)
R2 PlugPlay; C:\WINXP\system32\services.exe [110592 2010-09-16] (Microsoft Corporation)
R2 PolicyAgent; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 RasAuto; C:\WINXP\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation)
R3 RasMan; C:\WINXP\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation)
S3 RDSessMgr; C:\WINXP\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation)
S4 RemoteAccess; C:\WINXP\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation)
R2 RemoteRegistry; C:\WINXP\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation)
S3 RpcLocator; C:\WINXP\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation)
R2 RpcSs; C:\WINXP\System32\rpcss.dll [401408 2010-09-16] (Microsoft Corporation)
S3 RSVP; C:\WINXP\system32\rsvp.exe [132608 2008-04-14] (Microsoft Corporation)
R2 SamSs; C:\WINXP\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation)
S3 SCardSvr; C:\WINXP\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation)
R2 Schedule; C:\WINXP\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation)
R2 seclogon; C:\WINXP\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation)
R2 SENS; C:\WINXP\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation)
R2 SharedAccess; C:\WINXP\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 SLService; C:\WINXP\system32\slserv.exe [73796 2008-04-14] (Smart Link)
R2 Spooler; C:\WINXP\system32\spoolsv.exe [58880 2010-09-16] (Microsoft Corporation)
R2 srservice; C:\WINXP\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation)
R3 SSDPSRV; C:\WINXP\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation)
R2 stisvc; C:\WINXP\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation)
S3 SwPrv; C:\WINXP\system32\dllhost.exe [5120 2008-04-14] (Microsoft Corporation)
S3 SysmonLog; C:\WINXP\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation)
R3 TapiSrv; C:\WINXP\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation)
R3 TermService; C:\WINXP\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation)
R2 Themes; C:\WINXP\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 TlntSvr; C:\WINXP\system32\tlntsvr.exe [73216 2008-04-14] (Microsoft Corporation)
R2 TrkWks; C:\WINXP\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation)
R3 upnphost; C:\WINXP\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation)
S3 UPS; C:\WINXP\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation)
S3 VSS; C:\WINXP\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation)
R2 W32Time; C:\WINXP\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation)
R2 WebClient; C:\WINXP\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation)
R2 winmgmt; C:\WINXP\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINXP\system32\mspmsnsv.dll [27136 2010-09-16] (Microsoft Corporation)
S3 Wmi; C:\WINXP\System32\advapi32.dll [617472 2010-09-16] (Microsoft Corporation)
S3 WmiApSrv; C:\WINXP\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation)
S3 WPFFontCache_v0400; C:\WINXP\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [756392 2013-07-20] (Microsoft Corporation)
R2 wscsvc; C:\WINXP\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation)
R2 wuauserv; C:\WINXP\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation)
R2 WudfSvc; C:\WINXP\System32\WUDFSvc.dll [55808 2010-09-16] (Microsoft Corporation)
R2 WZCSVC; C:\WINXP\System32\wzcsvc.dll [483840 2010-09-16] (Microsoft Corporation)
S3 xmlprov; C:\WINXP\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 ACPI; C:\WINXP\System32\DRIVERS\ACPI.sys [187776 2008-04-14] (Microsoft Corporation)
S4 ACPIEC; C:\WINXP\system32\Drivers\ACPIEC.sys [11648 2008-04-14] (Microsoft Corporation)
S3 aec; C:\WINXP\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINXP\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
S3 AsyncMac; C:\WINXP\System32\DRIVERS\asyncmac.sys [14336 2008-04-14] (Microsoft Corporation)
R0 atapi; C:\WINXP\System32\DRIVERS\atapi.sys [96512 2008-04-14] (Microsoft Corporation)
S3 Atmarpc; C:\WINXP\System32\DRIVERS\atmarpc.sys [59904 2008-04-14] (Microsoft Corporation)
R3 audstub; C:\WINXP\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R1 Beep; C:\WINXP\system32\Drivers\Beep.sys [4224 2008-04-14] (Microsoft Corporation)
S4 cbidf2k; C:\WINXP\system32\Drivers\cbidf2k.sys [13952 2008-04-14] (Microsoft Corporation)
S1 Cdaudio; C:\WINXP\system32\Drivers\Cdaudio.sys [18688 2010-09-16] (Microsoft Corporation)
R4 Cdfs; C:\WINXP\system32\Drivers\Cdfs.sys [63744 2008-04-14] (Microsoft Corporation)
R1 Cdrom; C:\WINXP\System32\DRIVERS\cdrom.sys [62976 2008-04-14] (Microsoft Corporation)
S3 dg_ssudbus; C:\WINXP\System32\DRIVERS\ssudbus.sys [83168 2012-09-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 Disk; C:\WINXP\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
S4 dmboot; C:\WINXP\System32\drivers\dmboot.sys [799744 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmio; C:\WINXP\System32\drivers\dmio.sys [153344 2008-04-14] (Microsoft Corp., Veritas Software)
R0 dmload; C:\WINXP\System32\drivers\dmload.sys [5888 2008-04-14] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINXP\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINXP\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R3 E100B; C:\WINXP\System32\DRIVERS\e100b325.sys [154112 2004-02-10] (Intel Corporation)
S4 Fastfat; C:\WINXP\system32\Drivers\Fastfat.sys [143744 2008-04-14] (Microsoft Corporation)
R3 Fdc; C:\WINXP\System32\DRIVERS\fdc.sys [27392 2008-04-14] (Microsoft Corporation)
R1 Fips; C:\WINXP\system32\Drivers\Fips.sys [44544 2008-04-14] (Microsoft Corporation)
R3 Flpydisk; C:\WINXP\System32\DRIVERS\flpydisk.sys [20480 2008-04-14] (Microsoft Corporation)
R0 FltMgr; C:\WINXP\System32\DRIVERS\fltMgr.sys [129792 2008-04-14] (Microsoft Corporation)
U1 Fs_Rec; C:\WINXP\system32\Drivers\Fs_Rec.sys [7936 2008-04-14] (Microsoft Corporation)
R0 Ftdisk; C:\WINXP\System32\DRIVERS\ftdisk.sys [125056 2008-04-14] (Microsoft Corporation)
R3 GEARAspiWDM; C:\WINXP\System32\DRIVERS\GEARAspiWDM.sys [26600 2009-05-18] (GEAR Software Inc.)
R3 Gpc; C:\WINXP\System32\DRIVERS\msgpc.sys [35072 2008-04-14] (Microsoft Corporation)
R3 hidusb; C:\WINXP\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
R3 HTTP; C:\WINXP\System32\Drivers\HTTP.sys [265728 2010-09-16] (Microsoft Corporation)
S1 i8042prt; C:\WINXP\system32\Drivers\i8042prt.sys [52480 2008-04-14] (Microsoft Corporation)
R3 ialm; C:\WINXP\System32\DRIVERS\ialmnt5.sys [1302332 2005-09-20] (Intel Corporation)
R1 Imapi; C:\WINXP\System32\DRIVERS\imapi.sys [42112 2008-04-14] (Microsoft Corporation)
R0 IntelIde; C:\WINXP\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINXP\System32\DRIVERS\intelppm.sys [36352 2008-04-14] (Microsoft Corporation)
S3 Ip6Fw; C:\WINXP\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-14] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINXP\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-14] (Microsoft Corporation)
S3 IpInIp; C:\WINXP\System32\DRIVERS\ipinip.sys [20864 2008-04-14] (Microsoft Corporation)
R3 IpNat; C:\WINXP\System32\DRIVERS\ipnat.sys [152832 2008-04-14] (Microsoft Corporation)
R1 IPSec; C:\WINXP\System32\DRIVERS\ipsec.sys [75264 2008-04-14] (Microsoft Corporation)
S3 IRENUM; C:\WINXP\System32\DRIVERS\irenum.sys [11264 2008-04-14] (Microsoft Corporation)
R0 isapnp; C:\WINXP\System32\DRIVERS\isapnp.sys [37248 2008-04-14] (Microsoft Corporation)
R1 Kbdclass; C:\WINXP\System32\DRIVERS\kbdclass.sys [24576 2008-04-14] (Microsoft Corporation)
R1 kbdhid; C:\WINXP\System32\DRIVERS\kbdhid.sys [14592 2008-04-14] (Microsoft Corporation)
S3 kmixer; C:\WINXP\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINXP\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
S3 libusb0; C:\WINXP\System32\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
R1 mnmdd; C:\WINXP\system32\Drivers\mnmdd.sys [4224 2008-04-14] (Microsoft Corporation)
R3 Modem; C:\WINXP\system32\Drivers\Modem.sys [30080 2010-09-16] (Microsoft Corporation)
R3 MODEMCSA; C:\WINXP\System32\drivers\MODEMCSA.sys [16128 2001-08-17] (Microsoft Corporation)
R1 Mouclass; C:\WINXP\System32\DRIVERS\mouclass.sys [23040 2010-09-16] (Microsoft Corporation)
R3 mouhid; C:\WINXP\System32\DRIVERS\mouhid.sys [12160 2010-09-16] (Microsoft Corporation)
R0 MountMgr; C:\WINXP\system32\Drivers\MountMgr.sys [42368 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINXP\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 MRxDAV; C:\WINXP\System32\DRIVERS\mrxdav.sys [180608 2008-04-14] (Microsoft Corporation)
R1 MRxSmb; C:\WINXP\System32\DRIVERS\mrxsmb.sys [457856 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINXP\system32\Drivers\Msfs.sys [19072 2008-04-14] (Microsoft Corporation)
S3 MSKSSRV; C:\WINXP\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINXP\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINXP\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINXP\System32\DRIVERS\mssmbios.sys [15488 2010-09-16] (Microsoft Corporation)
R3 Mtlmnt5; C:\WINXP\System32\DRIVERS\Mtlmnt5.sys [126686 2008-04-13] (Smart Link)
S3 Mtlstrm; C:\WINXP\System32\DRIVERS\Mtlstrm.sys [1309184 2008-04-13] (Smart Link)
R0 Mup; C:\WINXP\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINXP\system32\Drivers\NDIS.sys [182656 2008-04-14] (Microsoft Corporation)
R3 NdisTapi; C:\WINXP\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINXP\System32\DRIVERS\ndisuio.sys [14592 2010-09-16] (Microsoft Corporation)
R3 NdisWan; C:\WINXP\System32\DRIVERS\ndiswan.sys [91520 2008-04-14] (Microsoft Corporation)
R3 NDProxy; C:\WINXP\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINXP\System32\DRIVERS\netbios.sys [34688 2008-04-14] (Microsoft Corporation)
R1 NetBT; C:\WINXP\System32\DRIVERS\netbt.sys [162816 2008-04-14] (Microsoft Corporation)
R1 Npfs; C:\WINXP\system32\Drivers\Npfs.sys [30848 2008-04-14] (Microsoft Corporation)
R4 Ntfs; C:\WINXP\system32\Drivers\Ntfs.sys [574976 2008-04-14] (Microsoft Corporation)
S3 NtMtlFax; C:\WINXP\System32\DRIVERS\NtMtlFax.sys [180360 2008-04-13] (Smart Link)
R1 Null; C:\WINXP\system32\Drivers\Null.sys [2944 2008-04-14] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINXP\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-14] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINXP\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-14] (Microsoft Corporation)
R3 Parport; C:\WINXP\System32\DRIVERS\parport.sys [80128 2010-09-16] (Microsoft Corporation)
R0 PartMgr; C:\WINXP\system32\Drivers\PartMgr.sys [19712 2008-04-14] (Microsoft Corporation)
R2 ParVdm; C:\WINXP\system32\Drivers\ParVdm.sys [6784 2008-04-14] (Microsoft Corporation)
R0 PCI; C:\WINXP\System32\DRIVERS\pci.sys [68224 2008-04-14] (Microsoft Corporation)
R0 PCIIde; C:\WINXP\system32\Drivers\PCIIde.sys [3328 2008-04-14] (Microsoft Corporation)
S4 Pcmcia; C:\WINXP\system32\Drivers\Pcmcia.sys [120192 2008-04-14] (Microsoft Corporation)
R3 PptpMiniport; C:\WINXP\System32\DRIVERS\raspptp.sys [48384 2008-04-14] (Microsoft Corporation)
R3 PSched; C:\WINXP\System32\DRIVERS\psched.sys [69120 2008-04-14] (Microsoft Corporation)
R3 Ptilink; C:\WINXP\System32\DRIVERS\ptilink.sys [17792 2008-04-14] (Parallel Technologies, Inc.)
R1 RasAcd; C:\WINXP\System32\DRIVERS\rasacd.sys [8832 2008-04-14] (Microsoft Corporation)
R3 Rasl2tp; C:\WINXP\System32\DRIVERS\rasl2tp.sys [51328 2008-04-14] (Microsoft Corporation)
R3 RasPppoe; C:\WINXP\System32\DRIVERS\raspppoe.sys [41472 2008-04-14] (Microsoft Corporation)
R3 Raspti; C:\WINXP\System32\DRIVERS\raspti.sys [16512 2008-04-14] (Microsoft Corporation)
R1 Rdbss; C:\WINXP\System32\DRIVERS\rdbss.sys [175744 2008-04-14] (Microsoft Corporation)
R1 RDPCDD; C:\WINXP\System32\DRIVERS\RDPCDD.sys [4224 2008-04-14] (Microsoft Corporation)
R3 rdpdr; C:\WINXP\System32\DRIVERS\rdpdr.sys [196224 2008-04-13] (Microsoft Corporation)
S3 RDPWD; C:\WINXP\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R0 RecAgent; C:\WINXP\System32\DRIVERS\RecAgent.sys [13776 2008-04-13] (Smart Link)
R1 redbook; C:\WINXP\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINXP\System32\DRIVERS\secdrv.sys [20480 2008-04-14] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 senfilt; C:\WINXP\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
R3 serenum; C:\WINXP\System32\DRIVERS\serenum.sys [15744 2008-04-14] (Microsoft Corporation)
R1 Serial; C:\WINXP\System32\DRIVERS\serial.sys [64512 2008-04-14] (Microsoft Corporation)
S1 Sfloppy; C:\WINXP\system32\Drivers\Sfloppy.sys [11392 2008-04-14] (Microsoft Corporation)
R3 Slntamr; C:\WINXP\System32\DRIVERS\slntamr.sys [404990 2008-04-13] (Smart Link)
S3 SlNtHal; C:\WINXP\System32\DRIVERS\Slnthal.sys [95424 2008-04-13] (Smart Link)
R3 SlWdmSup; C:\WINXP\System32\DRIVERS\SlWdmSup.sys [13240 2008-04-13] (Smart Link)
R3 smwdm; C:\WINXP\System32\drivers\smwdm.sys [260352 2005-01-27] (Analog Devices, Inc.)
S3 splitter; C:\WINXP\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sptd; C:\WINXP\System32\Drivers\sptd.sys [691696 2010-09-25] ()
R0 sr; C:\WINXP\System32\DRIVERS\sr.sys [73472 2008-04-14] (Microsoft Corporation)
R3 Srv; C:\WINXP\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
S3 ssudmdm; C:\WINXP\System32\DRIVERS\ssudmdm.sys [181344 2012-09-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
R2 StarOpen; C:\WINXP\system32\Drivers\StarOpen.sys [5504 2012-06-03] ()
R3 swenum; C:\WINXP\System32\DRIVERS\swenum.sys [4352 2010-09-16] (Microsoft Corporation)
S3 swmidi; C:\WINXP\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R3 sysaudio; C:\WINXP\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
R1 Tcpip; C:\WINXP\System32\DRIVERS\tcpip.sys [361600 2010-09-16] (Microsoft Corporation)
S3 TDPIPE; C:\WINXP\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation)
S3 TDTCP; C:\WINXP\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation)
R1 TermDD; C:\WINXP\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
S4 Udfs; C:\WINXP\system32\Drivers\Udfs.sys [66048 2008-04-14] (Microsoft Corporation)
R3 Update; C:\WINXP\System32\DRIVERS\update.sys [384768 2008-04-14] (Microsoft Corporation)
S3 USBAAPL; C:\WINXP\System32\Drivers\usbaapl.sys [43520 2012-04-25] (Apple, Inc.)
S3 usbaudio; C:\WINXP\System32\drivers\usbaudio.sys [60160 2013-07-16] (Microsoft Corporation)
R3 usbccgp; C:\WINXP\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
R3 usbehci; C:\WINXP\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINXP\System32\DRIVERS\usbhub.sys [59520 2008-04-14] (Microsoft Corporation)
R3 usbprint; C:\WINXP\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
R3 usbscan; C:\WINXP\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
R3 usbstor; C:\WINXP\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)
R3 usbuhci; C:\WINXP\System32\DRIVERS\usbuhci.sys [20608 2008-04-14] (Microsoft Corporation)
R1 VgaSave; C:\WINXP\System32\drivers\vga.sys [20992 2008-04-14] (Microsoft Corporation)
R0 VolSnap; C:\WINXP\system32\Drivers\VolSnap.sys [52352 2008-04-14] (Microsoft Corporation)
R3 Wanarp; C:\WINXP\System32\DRIVERS\wanarp.sys [34560 2008-04-14] (Microsoft Corporation)
S3 Wdf01000; C:\WINXP\System32\Drivers\wdf01000.sys [503008 2008-03-27] (Microsoft Corporation)
R3 wdmaud; C:\WINXP\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
S3 WinUSB; C:\WINXP\System32\DRIVERS\WinUSB.sys [39368 2006-11-02] (Microsoft Corporation)
S3 WpdUsb; C:\WINXP\System32\DRIVERS\wpdusb.sys [38528 2010-09-16] (Microsoft Corporation)
R1 WS2IFSL; C:\WINXP\System32\drivers\ws2ifsl.sys [12032 2008-04-14] (Microsoft Corporation)
R0 WudfPf; C:\WINXP\System32\DRIVERS\WudfPf.sys [77568 2010-09-16] (Microsoft Corporation)
S3 WudfRd; C:\WINXP\System32\DRIVERS\wudfrd.sys [82944 2010-09-16] (Microsoft Corporation)
U3 ac6gc95s; C:\WINXP\system32\Drivers\ac6gc95s.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 22:55 - 2014-04-04 22:55 - 00033563 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-04-04 22:54 - 2014-04-04 22:55 - 00000000 ____D () C:\FRST
2014-04-04 22:49 - 2014-04-04 22:50 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-04-04 22:49 - 2014-04-04 22:49 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe
2014-04-01 12:53 - 2014-04-01 12:53 - 00012953 _____ () C:\ComboFix.txt
2014-04-01 12:37 - 2014-04-01 12:37 - 00000000 _RSHD () C:\cmdcons
2014-04-01 12:37 - 2010-09-23 20:08 - 00000207 _____ () C:\Boot.bak
2014-04-01 12:37 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-04-01 12:33 - 2014-04-01 12:53 - 00000000 ____D () C:\Qoobox
2014-04-01 12:33 - 2014-04-01 12:52 - 00000000 ____D () C:\WINXP\erdnt
2014-04-01 12:33 - 2011-06-26 03:45 - 00256000 _____ () C:\WINXP\PEV.exe
2014-04-01 12:33 - 2010-11-07 14:20 - 00208896 _____ () C:\WINXP\MBR.exe
2014-04-01 12:33 - 2009-04-20 01:56 - 00060416 _____ (NirSoft) C:\WINXP\NIRCMD.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00518144 _____ (SteelWerX) C:\WINXP\SWREG.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00406528 _____ (SteelWerX) C:\WINXP\SWSC.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00212480 _____ (SteelWerX) C:\WINXP\SWXCACLS.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00098816 _____ () C:\WINXP\sed.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00080412 _____ () C:\WINXP\grep.exe
2014-04-01 12:33 - 2000-08-30 21:00 - 00068096 _____ () C:\WINXP\zip.exe
2014-04-01 12:32 - 2014-04-01 12:32 - 00000058 _____ () C:\Documents and Settings\Administrator\Desktop\mb1.txt
2014-04-01 12:29 - 2014-04-01 12:30 - 05192353 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2014-03-28 21:19 - 2014-03-28 21:19 - 00021526 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-28 21:19 - 2014-03-28 21:18 - 00010815 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-28 21:17 - 2014-04-04 22:52 - 00000234 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-28 21:17 - 2014-04-01 12:26 - 00000228 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-28 19:49 - 2014-03-28 19:49 - 00014666 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.xml
2014-03-28 19:49 - 2014-03-28 19:49 - 00004969 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.txt
2014-03-28 18:58 - 2014-04-01 14:54 - 00107736 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 18:58 - 2014-03-28 18:58 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-28 18:58 - 2014-03-05 09:26 - 00050648 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamchameleon.sys
2014-03-28 18:58 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbam.sys
2014-03-28 16:31 - 2014-03-28 16:31 - 00011467 _____ () C:\WINXP\KB2934207.log
2014-03-28 16:31 - 2014-03-28 16:31 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2934207$
2014-03-28 16:27 - 2014-03-28 16:31 - 00000000 ____D () C:\WINXP\system32\MRT
2014-03-28 16:10 - 2014-02-25 22:59 - 00013312 ____N (Microsoft Corporation) C:\WINXP\system32\xp_eos.exe
2014-03-28 16:10 - 2014-02-25 22:59 - 00013312 ____C (Microsoft Corporation) C:\WINXP\system32\dllcache\xp_eos.exe
2014-03-12 03:04 - 2014-03-12 03:04 - 00019695 _____ () C:\WINXP\KB2925418-IE8.log
2014-03-12 03:03 - 2014-03-12 03:03 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2929961$
2014-03-12 03:02 - 2014-03-12 03:02 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2930275$
2014-03-11 22:49 - 2014-03-12 03:03 - 00024160 _____ () C:\WINXP\KB2929961.log
2014-03-11 22:48 - 2014-03-12 03:02 - 00025476 _____ () C:\WINXP\KB2930275.log

==================== One Month Modified Files and Folders =======

2014-04-04 22:55 - 2014-04-04 22:55 - 00033563 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-04-04 22:55 - 2014-04-04 22:54 - 00000000 ____D () C:\FRST
2014-04-04 22:53 - 2010-09-23 20:12 - 01932232 _____ () C:\WINXP\WindowsUpdate.log
2014-04-04 22:52 - 2014-03-28 21:17 - 00000234 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-04 22:52 - 2010-10-26 19:12 - 00000896 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 22:52 - 2010-09-23 20:18 - 00000006 ____H () C:\WINXP\Tasks\SA.DAT
2014-04-04 22:52 - 2010-09-23 17:04 - 00000159 _____ () C:\WINXP\wiadebug.log
2014-04-04 22:52 - 2010-09-23 17:04 - 00000048 _____ () C:\WINXP\wiaservc.log
2014-04-04 22:52 - 2008-04-14 09:00 - 00002206 _____ () C:\WINXP\system32\wpa.dbl
2014-04-04 22:51 - 2010-09-23 20:18 - 00032544 _____ () C:\WINXP\SchedLgU.Txt
2014-04-04 22:51 - 2010-09-23 20:18 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-04-04 22:50 - 2014-04-04 22:49 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-04-04 22:49 - 2014-04-04 22:49 - 00448512 _____ (OldTimer Tools) C:\Documents and Settings\Administrator\Desktop\TFC.exe
2014-04-04 22:44 - 2010-09-23 16:55 - 00000000 ____D () C:\WINXP
2014-04-04 22:36 - 2011-02-08 19:27 - 00001010 _____ () C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500UA.job
2014-04-04 22:34 - 2010-10-26 19:12 - 00000900 _____ () C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 22:05 - 2012-04-08 13:25 - 00000826 _____ () C:\WINXP\Tasks\Adobe Flash Player Updater.job
2014-04-04 12:36 - 2011-02-08 19:27 - 00000958 _____ () C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500Core.job
2014-04-04 06:16 - 2011-10-20 15:44 - 01088951 _____ () C:\WINXP\KB2481109.log
2014-04-03 10:31 - 2013-10-20 03:23 - 00000384 ____H () C:\WINXP\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-04-02 23:50 - 2012-05-05 03:01 - 00001694 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-04-02 23:50 - 2011-02-06 16:42 - 00001945 _____ () C:\WINXP\epplauncher.mif
2014-04-02 23:50 - 2011-02-06 16:39 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-01 14:54 - 2014-03-28 18:58 - 00107736 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\MBAMSwissArmy.sys
2014-04-01 12:53 - 2014-04-01 12:53 - 00012953 _____ () C:\ComboFix.txt
2014-04-01 12:53 - 2014-04-01 12:33 - 00000000 ____D () C:\Qoobox
2014-04-01 12:52 - 2014-04-01 12:33 - 00000000 ____D () C:\WINXP\erdnt
2014-04-01 12:51 - 2008-04-14 09:00 - 00000227 _____ () C:\WINXP\system.ini
2014-04-01 12:37 - 2014-04-01 12:37 - 00000000 _RSHD () C:\cmdcons
2014-04-01 12:37 - 2010-09-23 16:58 - 00000323 __RSH () C:\boot.ini
2014-04-01 12:32 - 2014-04-01 12:32 - 00000058 _____ () C:\Documents and Settings\Administrator\Desktop\mb1.txt
2014-04-01 12:30 - 2014-04-01 12:29 - 05192353 ____R (Swearware) C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
2014-04-01 12:26 - 2014-03-28 21:17 - 00000228 _____ () C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-28 21:19 - 2014-03-28 21:19 - 00021526 _____ () C:\Documents and Settings\Administrator\Desktop\attach.txt
2014-03-28 21:18 - 2014-03-28 21:19 - 00010815 _____ () C:\Documents and Settings\Administrator\Desktop\dds.txt
2014-03-28 21:16 - 2004-11-08 04:01 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2646524$
2014-03-28 19:52 - 2014-03-01 22:18 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-28 19:49 - 2014-03-28 19:49 - 00014666 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.xml
2014-03-28 19:49 - 2014-03-28 19:49 - 00004969 _____ () C:\Documents and Settings\Administrator\Desktop\mbam1.txt
2014-03-28 18:58 - 2014-03-28 18:58 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-28 18:58 - 2014-03-28 18:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-28 16:31 - 2014-03-28 16:31 - 00011467 _____ () C:\WINXP\KB2934207.log
2014-03-28 16:31 - 2014-03-28 16:31 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2934207$
2014-03-28 16:31 - 2014-03-28 16:27 - 00000000 ____D () C:\WINXP\system32\MRT
2014-03-28 16:31 - 2011-11-10 04:06 - 00338520 _____ () C:\WINXP\tsoc.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00244674 _____ () C:\WINXP\comsetup.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00223284 _____ () C:\WINXP\msmqinst.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00148977 _____ () C:\WINXP\ntdtcsetup.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00129960 _____ () C:\WINXP\netfxocm.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00051000 _____ () C:\WINXP\MedCtrOC.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00041040 _____ () C:\WINXP\ocmsn.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00037320 _____ () C:\WINXP\tabletoc.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00037080 _____ () C:\WINXP\msgsocm.log
2014-03-28 16:31 - 2011-11-10 04:06 - 00001374 _____ () C:\WINXP\imsins.log
2014-03-28 16:31 - 2011-11-10 04:05 - 00793000 _____ () C:\WINXP\iis6.log
2014-03-28 16:31 - 2011-11-10 04:05 - 00741443 _____ () C:\WINXP\FaxSetup.log
2014-03-28 16:31 - 2011-11-10 04:05 - 00423600 _____ () C:\WINXP\ocgen.log
2014-03-28 16:24 - 2011-02-08 19:32 - 00002344 _____ () C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
2014-03-14 10:58 - 2010-09-25 13:44 - 00131072 _____ () C:\WINXP\system32\config\OAlerts.evt
2014-03-14 08:29 - 2014-02-28 15:40 - 01871609 _____ () C:\Documents and Settings\Administrator\Desktop\MultiGenre Slideshow.pptx
2014-03-13 10:01 - 2011-11-01 20:02 - 00152468 _____ () C:\WINXP\setupapi.log
2014-03-13 09:53 - 2010-09-23 17:00 - 00593560 _____ () C:\WINXP\system32\PerfStringBackup.INI
2014-03-12 03:20 - 2010-09-23 16:58 - 00267800 _____ () C:\WINXP\system32\FNTCACHE.DAT
2014-03-12 03:04 - 2014-03-12 03:04 - 00019695 _____ () C:\WINXP\KB2925418-IE8.log
2014-03-12 03:04 - 2011-11-11 04:00 - 00061679 _____ () C:\WINXP\updspapi.log
2014-03-12 03:04 - 2011-11-10 04:06 - 00001374 _____ () C:\WINXP\imsins.BAK
2014-03-12 03:04 - 2010-09-25 13:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-03-12 03:03 - 2014-03-12 03:03 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2929961$
2014-03-12 03:03 - 2014-03-11 22:49 - 00024160 _____ () C:\WINXP\KB2929961.log
2014-03-12 03:02 - 2014-03-12 03:02 - 00000000 __HDC () C:\WINXP\$NtUninstallKB2930275$
2014-03-12 03:02 - 2014-03-11 22:48 - 00025476 _____ () C:\WINXP\KB2930275.log
2014-03-11 23:05 - 2014-02-07 08:06 - 05128584 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerInstaller.exe
2014-03-11 23:05 - 2012-04-08 13:25 - 00692616 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerApp.exe
2014-03-11 23:05 - 2011-07-18 19:20 - 00071048 _____ (Adobe Systems Incorporated) C:\WINXP\system32\FlashPlayerCPLApp.cpl
2014-03-07 12:51 - 2014-02-11 18:35 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\ENGLISH 621
2014-03-05 09:26 - 2014-03-28 18:58 - 00050648 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-28 18:58 - 00023256 _____ (Malwarebytes Corporation) C:\WINXP\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

C:\WINXP\explorer.exe [2008-04-14 09:00] - [2008-04-14 09:00] - 1033728 ____A (Microsoft Corporation)
C:\WINXP\system32\winlogon.exe [2008-04-14 09:00] - [2008-04-14 09:00] - 0507904 ____A (Microsoft Corporation)
C:\WINXP\system32\svchost.exe [2008-04-14 09:00] - [2008-04-14 09:00] - 0014336 ____A (Microsoft Corporation)
C:\WINXP\system32\services.exe [2010-09-16 13:11] - [2010-09-16 13:11] - 0110592 ____A (Microsoft Corporation)
C:\WINXP\system32\User32.dll [2008-04-14 09:00] - [2008-04-14 09:00] - 0578560 ____A (Microsoft Corporation)
C:\WINXP\system32\userinit.exe [2008-04-14 09:00] - [2008-04-14 09:00] - 0026112 ____A (Microsoft Corporation)
C:\WINXP\system32\rpcss.dll [2010-09-16 13:11] - [2010-09-16 13:11] - 0401408 ____A (Microsoft Corporation)
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINXP\system32\Drivers\volsnap.sys [2008-04-14 09:00] - [2008-04-14 09:00] - 0052352 ____A (Microsoft Corporation)

==================== End Of Log ============================

******************************************************************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Administrator at 2014-04-04 22:57:06
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Apple Application Support 
(HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}) (Version: 5.2.0.6 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.8.0.0 - Ask.com) <==== ATTENTION Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Brother MFL-Pro Suite MFC-J280W (HKLM\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.13.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP) Chilton Total Car Care: Ford Trucks (HKLM\...\{E4817521-4404-4195-9E06-E9DC47E39C97}) (Version: 1.00.001 - ) Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.12005.2 - Cisco Consumer Products LLC) Content Manager (HKLM\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.0 (HKLM\...\DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1) (Version: - Fengtao Software Inc.) 
EPSON CX 4200 4800 Guide (HKLM\...\Silent Package Run-Time Sample) (Version: - ) EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - ) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - ) Foxit Reader 5.0 (HKLM\...\Foxit Reader_is1) (Version: 5.0.1.0527 - Foxit Corporation) Garmin MetroGuide Canada v5 (HKLM\...\{34437DD2-0A04-44DE-B566-75C1FCA081FF}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Trip and Waypoint Manager v4 (HKLM\...\{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries) GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team) Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - ) Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - ) iTunes (HKLM\...\{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}) (Version: 10.6.3.25 - Apple Inc.) Java Auto Updater (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden Java 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle) JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Kobo (HKLM\...\Kobo) (Version: 2.1.6 - Kobo Inc.) magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.) 
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office 
PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation) Mozilla Thunderbird 24.2.0 (x86 en-US) 
(HKLM\...\Mozilla Thunderbird 24.2.0 (x86 en-US)) (Version: 24.2.0 - Mozilla) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Pidgin (HKLM\...\Pidgin) (Version: 2.7.3 - ) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices) Speccy (HKLM\...\Speccy) (Version: 1.05 - Piriform) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft) 
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition 
(HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version: - Microsoft Corporation) Update for Microsoft Word 2010 (KB2837593) 
32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) ==================== Restore Points ========================= 19-01-2014 20:14:05 Installed Content Manager 19-01-2014 20:20:41 Software Distribution Service 3.0 20-01-2014 00:21:07 Software 
Distribution Service 3.0 22-01-2014 18:00:12 Software Distribution Service 3.0 23-01-2014 18:00:04 Software Distribution Service 3.0 24-01-2014 17:56:47 Software Distribution Service 3.0 25-01-2014 17:53:06 Software Distribution Service 3.0 26-01-2014 05:35:59 Software Distribution Service 3.0 27-01-2014 17:47:01 Software Distribution Service 3.0 28-01-2014 17:50:45 Software Distribution Service 3.0 31-01-2014 16:56:28 Software Distribution Service 3.0 07-02-2014 11:10:16 Software Distribution Service 3.0 08-02-2014 11:04:51 Software Distribution Service 3.0 09-02-2014 06:03:12 Software Distribution Service 3.0 10-02-2014 06:10:54 Software Distribution Service 3.0 11-02-2014 21:32:48 Software Distribution Service 3.0 12-02-2014 21:29:28 Software Distribution Service 3.0 13-02-2014 07:00:51 Software Distribution Service 3.0 14-02-2014 07:59:26 System Checkpoint 14-02-2014 08:07:14 Software Distribution Service 3.0 15-02-2014 08:03:05 Software Distribution Service 3.0 16-02-2014 05:35:41 Software Distribution Service 3.0 16-02-2014 08:01:17 Software Distribution Service 3.0 17-02-2014 08:00:12 Software Distribution Service 3.0 18-02-2014 07:57:19 Software Distribution Service 3.0 19-02-2014 08:00:28 Software Distribution Service 3.0 20-02-2014 08:54:46 System Checkpoint 21-02-2014 07:41:03 Software Distribution Service 3.0 22-02-2014 07:36:42 Software Distribution Service 3.0 23-02-2014 05:34:56 Software Distribution Service 3.0 24-02-2014 05:39:17 System Checkpoint 24-02-2014 07:30:50 Software Distribution Service 3.0 25-02-2014 07:28:04 Software Distribution Service 3.0 26-02-2014 02:25:46 Software Distribution Service 3.0 26-02-2014 06:24:39 Software Distribution Service 3.0 26-02-2014 10:23:33 Software Distribution Service 3.0 26-02-2014 14:22:26 Software Distribution Service 3.0 26-02-2014 18:22:33 Software Distribution Service 3.0 26-02-2014 22:21:22 Software Distribution Service 3.0 27-02-2014 22:23:40 System Checkpoint 27-02-2014 22:26:16 Software 
Distribution Service 3.0 28-02-2014 22:49:55 System Checkpoint 01-03-2014 13:06:27 Software Distribution Service 3.0 02-03-2014 05:37:53 Software Distribution Service 3.0 02-03-2014 13:02:55 Software Distribution Service 3.0 03-03-2014 12:59:32 Software Distribution Service 3.0 04-03-2014 13:04:31 Software Distribution Service 3.0 05-03-2014 13:40:50 System Checkpoint 06-03-2014 12:46:09 Software Distribution Service 3.0 07-03-2014 12:52:44 Software Distribution Service 3.0 08-03-2014 13:26:33 System Checkpoint 09-03-2014 05:40:03 Software Distribution Service 3.0 09-03-2014 12:32:12 Software Distribution Service 3.0 10-03-2014 12:34:04 Software Distribution Service 3.0 11-03-2014 12:23:30 Software Distribution Service 3.0 12-03-2014 06:00:28 Software Distribution Service 3.0 13-03-2014 13:00:06 Software Distribution Service 3.0 14-03-2014 13:00:36 Software Distribution Service 3.0 28-03-2014 19:14:30 Software Distribution Service 3.0 28-03-2014 19:27:07 Software Distribution Service 3.0 01-04-2014 15:34:10 ComboFix created restore point 01-04-2014 15:37:40 Software Distribution Service 3.0 02-04-2014 15:32:28 Software Distribution Service 3.0 03-04-2014 02:49:47 Software Distribution Service 3.0 04-04-2014 03:38:59 System Checkpoint 04-04-2014 13:28:21 Software Distribution Service 3.0 ==================== Hosts content: ========================== 2008-04-14 09:00 - 2014-04-01 12:51 - 00000027 ____A C:\WINXP\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINXP\Tasks\Adobe Flash Player Updater.job => C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINXP\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINXP\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500Core.job => C:\Documents and 
Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINXP\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-1972579041-1177238915-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINXP\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINXP\system32\xp_eos.exe Task: C:\WINXP\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINXP\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2010-09-25 12:34 - 2010-03-04 23:38 - 00071096 _____ () C:\Program Files\CDBurnerXP\NMSAccessU.exe 2014-02-13 04:50 - 2014-02-13 04:50 - 01920512 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.UI\9de3abc43cb616fc6d099d3b96e65462\Kies.UI.ni.dll 2014-02-13 04:50 - 2014-02-13 04:50 - 00078848 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\bf8afcd46d1a5da82b28fd2cdb16984b\Kies.MVVM.ni.dll 2014-02-13 04:50 - 2014-02-13 04:50 - 00184832 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3107856f35cdd262fcaeca56a25affb5\Kies.Common.DeviceServiceLib.Interface.ni.dll 2014-02-13 04:52 - 2014-02-13 04:52 - 00347648 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\DevicePhoto\575fd589dac7437b4d729dfc731e2aa6\DevicePhoto.ni.dll 
2014-02-13 04:52 - 2014-02-13 04:52 - 00293888 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\DeviceVideo\8a67baa80d1bcfbdb1b3b7b7cf0157f5\DeviceVideo.ni.dll 2014-02-13 04:52 - 2014-02-13 04:52 - 00615424 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\DevicePodcast\70fd2d26c96b17f3ea970ebeedca05ff\DevicePodcast.ni.dll 2014-02-13 04:52 - 2014-02-13 04:52 - 00307200 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\8f3715f285d1053b77a59a3648449433\DummyStorePlugin.ni.dll 2014-02-13 04:52 - 2014-02-13 04:52 - 13033984 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.Theme\ea06c67ad9cf7394e2796c8af328c172\Kies.Theme.ni.dll 2014-02-13 04:51 - 2014-02-13 04:51 - 00571392 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\85f78f27e16dc8789c1e172c6be216fe\Kies.Common.DeviceServiceLib.FileService.ni.dll 2014-02-13 04:51 - 2014-02-13 04:51 - 00038912 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d3b88e7eb5f62d9c00aea091e492c077\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll 2014-02-13 04:51 - 2014-02-13 04:51 - 00232960 _____ () C:\WINXP\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\27af83e8dc27ee77fd22031801f3c5f1\ASF_cSharpAPI.ni.dll 2014-03-28 16:24 - 2014-03-14 21:50 - 00051016 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-01-19 17:14 - 2012-12-06 11:09 - 07375360 _____ () C:\Program Files\Content Manager\CmTray.exe 2014-01-19 17:14 - 2009-01-10 19:32 - 00011362 _____ () C:\Program Files\Content Manager\mingwm10.dll 2014-01-19 17:14 - 2009-06-23 03:42 - 00043008 _____ () C:\Program Files\Content Manager\libgcc_s_dw2-1.dll 2014-01-19 17:14 - 2012-01-06 15:53 - 02556416 _____ () C:\Program Files\Content Manager\QtCore4.dll 2014-01-19 17:14 - 2011-09-01 23:23 - 09933824 _____ () C:\Program Files\Content Manager\QtGui4.dll 2014-01-19 17:14 - 2011-09-01 
22:53 - 01215488 _____ () C:\Program Files\Content Manager\QtNetwork4.dll 2014-01-19 17:14 - 2011-09-01 22:53 - 00271872 _____ () C:\Program Files\Content Manager\QtSql4.dll 2014-01-19 17:14 - 2011-09-01 22:49 - 00399360 _____ () C:\Program Files\Content Manager\QtXml4.dll 2014-01-19 17:14 - 2011-09-02 02:48 - 00478720 _____ () C:\Program Files\Content Manager\Plugins\sqldrivers\qsqlite4.dll 2014-03-28 16:24 - 2014-03-14 21:50 - 04061000 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-28 16:24 - 2014-03-14 21:50 - 00394568 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-28 16:24 - 2014-03-14 21:50 - 01647432 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/01/2014 00:33:33 PM) (Source: Application Error) (User: ) Description: Faulting application iexplore.exe, version 0.0.0.0, faulting module iexplore.exe, version 0.0.0.0, fault address 0x0008d1c0. Processing media-specific event for [iexplore.exe!ws!] 
  3. I have found that MSE has quarantined Trojan.Vundo.AB back in February. I am thinking that Trojan.Vundo had something to do with the Stolen.Data or the Hijack.Userinit. Here is the log from the event viewer:
     Microsoft Antimalware has detected malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win32/Vundo.AB&threatid=2147684724
     Name: TrojanDropper:Win32/Vundo.AB
     ID: 2147684724
     Severity: Severe
     Category: Trojan Dropper
     Path: containerfile:_C:\Documents and Settings\Administrator\My Documents\Downloads\free_bookwolf_com.zip;file:_C:\Documents and Settings\Administrator\My Documents\Downloads\free_bookwolf_com.zip->free_bookwolf_com.exe
     Detection Origin: Local machine
     Detection Type: Concrete
     Detection Source: Downloads and attachments
     User: GORDON-30421596\Administrator
     Process Name: Unknown
     Signature Version: AV: 1.167.573.0, AS: 1.167.573.0, NIS: 0.0.0.0
     Engine Version: AM: 1.1.10302.0, NIS: 0.0.0.0
  4. Thank you so much for the reply. I've attached the combofix.txt below. ComboFix.txt
  5. Hello again MBF, After doing a semi-routine scan of my parents' desktop PC, MBAM has found "Hijack.userinit.gen" and a large number of "Stolen.Data" files that end in .dc. I am concerned as to what this 'Stolen.Data' is and how it got there, and how to make sure it doesn't come back. Here is the mbam log (also the dds.txt log is below and attach.txt is attached):
  6. :\ Sorry, I completely misunderstood what the forum was for... heh... thank you. I'll look elsewhere.
  7. I am very interested in starting with malware hunting, but I'm confused as to where to start. Where do I find new samples of malware to submit? I've already looked at the stickies on the research center board, but none of them mention how you go about finding malware. I have a VM set up and a backup of it for easy VM restoration. I understand how to scan the malware to see if mbam detects it, and to upload it to virustotal. But again, I do not understand where I find the malware. I understand that what malware hunters and analyzers do is dangerous and that I need to know what I'm doing before I start. I am really interested in starting somewhere and would really appreciate any tips. Thank you.