jgbeehive Posted December 8, 2013 ID:762051 Share Posted December 8, 2013 Hi, Uniprint suite randomly installed on my computer, and it reinstalls every timeI uninstall it.Malwarebytes, Adwcleaner, and Junkware remover all seem to have failed to detect it and/or permanently remove it.I ran DDS scan, please let me know how to proceed.Thanks! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 10, 2013 Root Admin ID:762882 Share Posted December 10, 2013 Hello and If you've not already done so please start here and post back the 2 log files DDS.txt and Attach.txtP2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.Before we proceed further, please read all of the following instructions carefully.If there is anything that you do not understand kindly ask before proceeding.If needed please print out these instructions.Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text. If the log is too large then you can use attachments by clicking on the More Reply Options button. Please enable your system to show hidden files: How to see hidden files in Windows Make sure you're subscribed to this topic:Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)STEP 0RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processesso that your normal security software can then run and clean your computer of infections.When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policiesthat stop us from using certain tools. When finished it will display a log file that shows the processes that wereterminated while the program was running.As RKill only terminates a program's running process, and does not delete any files, after running it you should not rebootyour computer as any malware processes that are configured to start automatically will just be started again.Instead, after running RKill you should immediately scan your computer using the requested scans I've included.Please download Rkill by Grinler from one of the links below and save it to your desktop.Link 1Link 2On Windows XP double-click on the Rkill desktop icon to run the tool. On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. If not, delete the file, then download and use the one provided in Link 2. If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs. If the tool does not run from any of the links provided, please let me know. Do not reboot the computer, you will need to run the application again.STEP 01Backup the Registry:Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.Please download ERUNT from one of the following links: Link1 | Link2 | Link3 ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed. Double click on erunt-setup.exe to Install ERUNT by following the prompts. NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process. Choose a location for the backup.Note: the default location is C:\Windows\ERDNT which is acceptable. [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exeSTEP 02Please download RogueKiller and save it to your desktop.You can check here if you're not sure if your computer is 32-bit or 64-bitRogueKiller 32-bit | RogueKiller 64-bit Quit all running programs. For Windows XP, double-click to start. For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run. Read and accept the EULA (End User Licene Agreement) Click Scan to scan the system. When the scan completes Close the program > Don't Fix anything! Don't run any other options, they're not all bad!! Post back the report which should be located on your desktop. Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 22, 2013 ID:767456 Share Posted December 22, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 22, 2013 Root Admin ID:767543 Share Posted December 22, 2013 Topic reopened per user request Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 28, 2013 Root Admin ID:769799 Share Posted December 28, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 13, 2014 Root Admin ID:777303 Share Posted January 13, 2014 Due to extenuating circumstances this topic is once again reopened. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 13, 2014 Root Admin ID:777304 Share Posted January 13, 2014 Please visit this webpage and read the ComboFix User's Guide:Once you've read the article and are ready to use the program you can download it directly from the link below.Important! - Please make sure you save combofix to your desktop and do not run it from your browserDirect download link for: ComboFix.exePlease make sure you disable your security applications before running ComboFix.Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.Please copy/paste the contents or attach that log file to your next reply.If needed the file can be located here: C:\combofix.txtNOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer. Link to post Share on other sites More sharing options...
jgbeehive Posted January 13, 2014 Author ID:777343 Share Posted January 13, 2014 Thanks! ComboFix 14-01-13.01 - BRothermel 01/13/2014 21:19:43.2.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.1657 [GMT 9:00]Running from: c:\documents and settings\brothermel.PARK-LAW\Desktop\ComboFix.exeAV: Symantec Endpoint Protection *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\All Users\Application Data\TEMPC:\install.exec:\windows\system32\drivers\etc\hosts.icsc:\windows\system32\Thumbs.dbc:\windows\wininit.ini..((((((((((((((((((((((((( Files Created from 2013-12-13 to 2014-01-13 )))))))))))))))))))))))))))))))..2014-01-12 14:07 . 2014-01-12 14:07 -------- d-----w- c:\program files\ERUNT2014-01-12 10:09 . 2014-01-12 10:09 37944 ----a-w- c:\windows\system32\JRSKD24.SYS2014-01-12 10:09 . 2014-01-12 10:09 12728 ----a-w- c:\windows\system32\JRSUKD25.SYS2014-01-12 10:09 . 2014-01-12 10:09 126048 ----a-w- c:\windows\system32\kcrtx86.sys2014-01-12 10:09 . 2014-01-12 10:09 124216 ----a-r- c:\windows\system32\CKAgent.exe2014-01-12 10:09 . 2014-01-12 10:09 943416 ----a-w- c:\windows\system32\CKSetup32.exe2014-01-12 10:09 . 2014-01-12 10:09 70968 ----a-w- c:\windows\system32\CKKeyProCert.dll2014-01-12 10:09 . 2014-01-12 10:09 434428 ----a-w- c:\windows\system32\CKCSP.dll2014-01-12 10:09 . 2014-01-12 10:09 394552 ----a-w- c:\windows\system32\XecureCK.dll2014-01-12 10:09 . 2014-01-12 10:09 210272 ----a-w- c:\windows\system32\npKeyPro.dll2014-01-12 10:09 . 2014-01-12 10:09 191000 ----a-w- c:\windows\system32\kcrypto.dll2014-01-12 10:09 . 2014-01-12 10:09 181560 ----a-w- c:\windows\system32\CKApp.dll2014-01-12 10:09 . 2014-01-12 10:09 152888 ----a-w- c:\windows\system32\jrsoftcp.dll2014-01-10 16:44 . 2014-01-10 16:44 -------- d-----w- c:\program files\NPKI2014-01-10 16:44 . 2014-01-10 16:44 -------- d--h--w- c:\windows\yessign2014-01-10 16:44 . 2014-01-10 16:44 -------- d-----w- C:\XecureSSL2014-01-10 16:44 . 2014-01-10 16:44 -------- d-----w- c:\program files\SoftForum2014-01-04 06:31 . 2014-01-04 06:31 -------- d-----w- c:\program files\Common Files\Citrix2014-01-04 06:31 . 2014-01-04 06:31 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Citrix2014-01-04 06:25 . 2014-01-04 06:25 -------- d-----w- c:\windows\system32\DRM2014-01-04 00:31 . 2014-01-04 00:31 -------- d-----w- c:\program files\Dell2014-01-03 07:42 . 2014-01-03 08:17 -------- d-----w- c:\windows\system32\NtmsData2013-12-27 00:36 . 2013-12-27 00:36 -------- d-----w- C:\Transfer Folder...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-12 14:20 . 2014-01-12 14:20 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 82944 ----a-w- c:\windows\system32\drivers\WudfRd.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 77568 ----a-w- c:\windows\system32\drivers\WudfPf.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS.bak2014-01-12 14:20 . 2014-01-12 14:20 39368 ----a-w- c:\windows\system32\drivers\winusb.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 503008 ----a-w- c:\windows\system32\drivers\wdf01000.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 35040 ----a-w- c:\windows\system32\drivers\wdfldr.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 26368 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS.bak2014-01-12 14:20 . 2014-01-12 14:20 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 46144 ----a-w- c:\windows\system32\drivers\tvtumon.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 4608 ----a-w- c:\windows\system32\drivers\TSMAPIP.SYS.bak2014-01-12 14:20 . 2014-01-12 14:20 4442 ----a-w- c:\windows\system32\drivers\TPPWRIF.SYS.bak2014-01-12 14:20 . 2014-01-12 14:20 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 17844 ----a-w- c:\windows\system32\drivers\TPHKDRV.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 118960 ----a-w- c:\windows\system32\drivers\teefer.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 92080 ----a-w- c:\windows\system32\drivers\SysPlant.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 50576 ----a-w- c:\windows\system32\drivers\tcusb.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 26624 ----a-w- c:\windows\system32\drivers\tap0901.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 32864 ----a-w- c:\windows\system32\drivers\staccel.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 177632 ----a-w- c:\windows\system32\drivers\SynTP.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS.bak2014-01-12 14:20 . 2014-01-12 14:20 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 181912 ----a-w- c:\windows\system32\drivers\ssudmdm.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 9632128 ----a-w- c:\windows\system32\drivers\snp2uvc.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 80384 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 13952 ----a-w- c:\windows\system32\drivers\s24trans.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 102656 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 46592 ----a-w- c:\windows\system32\drivers\rimmptsk.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 43008 ----a-w- c:\windows\system32\drivers\rimsptsk.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 175744 ----a-w- c:\windows\system32\drivers\rdbss.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 16512 ----a-w- c:\windows\system32\drivers\raspti.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 69120 ----a-w- c:\windows\system32\drivers\psched.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 30144 ----a-w- c:\windows\system32\drivers\psadd.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 17792 ----a-w- c:\windows\system32\drivers\ptilink.sys.bak2014-01-12 14:20 . 2014-01-12 14:20 146048 ----a-w- c:\windows\system32\drivers\portcls.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 80128 ----a-w- c:\windows\system32\drivers\parport.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 68224 ----a-w- c:\windows\system32\drivers\pci.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 3456 ----a-w- c:\windows\system32\drivers\oprghdlr.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 19712 ----a-w- c:\windows\system32\drivers\partmgr.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 120192 ----a-w- c:\windows\system32\drivers\pcmcia.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 32512 ----a-w- c:\windows\system32\drivers\nwlnkfwd.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 12416 ----a-w- c:\windows\system32\drivers\nwlnkflt.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 61824 ----a-w- c:\windows\system32\drivers\nic1394.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 574976 ----a-w- c:\windows\system32\drivers\ntfs.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 30848 ----a-w- c:\windows\system32\drivers\npfs.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 2944 ----a-w- c:\windows\system32\drivers\null.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 5977216 ----a-w- c:\windows\system32\drivers\NETw5x32.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 162816 ----a-w- c:\windows\system32\drivers\netbt.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 91520 ----a-w- c:\windows\system32\drivers\ndiswan.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys.bak2014-01-12 14:19 . 2014-01-12 14:19 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys.bak..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\documents and settings\brothermel.PARK-LAW\Application Data\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\documents and settings\brothermel.PARK-LAW\Application Data\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\documents and settings\brothermel.PARK-LAW\Application Data\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\documents and settings\brothermel.PARK-LAW\Application Data\Dropbox\bin\DropboxExt.19.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-05-23 1561968]"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-10 122880]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 524288]"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-03 62240]"TpShocks"="TpShocks.exe" [2009-07-09 337184]"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2009-02-03 16384]"LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-20 77824]"LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-16 315392]"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-23 421888]"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-10-23 208896]"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2009-09-03 436800]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"Matrox PowerDesk"="c:\program files\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe" [2011-05-11 884744]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-23 129536]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-23 164352]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-23 140800]"PDF7 Registry Controller"="c:\program files\Nuance\PDF Professional 7\RegistryController.exe" [2011-09-09 141160]"PDFProHook"="c:\program files\Nuance\PDF Professional 7\pdfpro7hook.exe" [2011-09-09 1787752]"Nuance PDF Converter Professional 7-reminder"="c:\program files\Nuance\PDF Professional 7\Ereg\Ereg.exe" [2011-09-06 333672]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]"UniPrint Client Init"="c:\program files\UniPrint Suite\Client\UPCInit.exe" [2011-11-28 203624]"ConnectionCenter"="c:\program files\Citrix\ICA Client\redirector.exe" [2012-07-26 130232].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"RunNarrator"="Narrator.exe" [2008-04-14 53760].c:\documents and settings\brothermel.PARK-LAW\Start Menu\Programs\Startup\Dropbox.lnk - c:\documents and settings\brothermel.PARK-LAW\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]NexDef Plug-in.lnk - c:\documents and settings\brothermel.PARK-LAW\Local Settings\Application Data\Autobahn\nexdef.exe [2011-8-12 15490560]OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552].c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico -user_logon [2012-10-23 6144].[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]"NoAutoUpdate"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kwinhook]2013-08-23 20:44 84072 ----a-w- c:\windows\system32\KWinHook.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]2008-06-25 00:31 95496 ----a-w- c:\windows\system32\psqlpwd.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]2009-05-22 01:48 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Notification Packages REG_MULTI_SZ scecli psqlpwd.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\system32\\sessmgr.exe"="c:\\Documents and Settings\\brothermel.PARK-LAW\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Program Files\\KBS\\ISiCastAgent\\ISiCastAgent.exe"="c:\\WINDOWS\\system32\\fxsclnt.exe"="c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="c:\\Program Files\\Shoreline Communications\\ShoreWare Client\\ShoreTel.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=.R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys [6/18/2011 5:31 AM 340088]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys [6/18/2011 5:31 AM 756856]R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [6/30/2009 3:51 AM 20520]R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20131101.011\BHDrvx86.sys [11/7/2013 3:27 AM 1096280]R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [4/25/2011 2:49 PM 67960]R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys [6/18/2011 5:31 AM 136312]R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/10/2008 9:50 AM 46144]R2 AMPAgent;Dell KACE Agent;c:\program files\Dell\KACE\AMPAgent.exe [11/12/2013 6:06 AM 2872424]R2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [8/21/2009 6:39 AM 208896]R2 Matrox Centering Service;Matrox Centering Service;c:\program files\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe [5/12/2011 3:32 AM 3703816]R2 Matrox.Pdesk3.ServicesHost;Matrox.Pdesk3.ServicesHost;c:\program files\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe [5/12/2011 3:32 AM 3703816]R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 7\PDFProFiltSrv.exe [9/9/2011 3:13 PM 135016]R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [8/21/2009 6:42 AM 53248]R2 SecureConnector;ForeScout SecureConnector Service;c:\program files\ForeScout SecureConnector\SecureConnector.exe [11/21/2013 2:00 PM 1046584]R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [6/18/2011 5:31 AM 137224]R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [6/25/2008 9:07 AM 12560]R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [11/25/2008 7:34 AM 520192]R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/10/2008 9:50 AM 360448]R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [12/16/2013 7:34 PM 247968]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/27/2013 12:39 AM 108120]R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20131109.001\IDSXpx86.sys [11/10/2013 11:06 AM 380824]R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [8/21/2009 6:26 AM 116224]R3 JRSKD24;JRSKD24;c:\windows\system32\JRSKD24.SYS [1/12/2014 7:09 PM 37944]R3 kcrtx86;kcrtx86;c:\windows\system32\kcrtx86.sys [1/12/2014 7:09 PM 126048]R3 staccel;staccel;c:\windows\system32\drivers\staccel.sys [10/16/2012 4:56 AM 32864]RUnknown ScreenConnect Client (89606bea9a3af76e);ScreenConnect Client (89606bea9a3af76e); [x]S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [12/16/2013 7:34 PM 193696]S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/26/2008 12:18 AM 362992]S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/26/2008 12:16 AM 309744]S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/26/2008 12:15 AM 166384]S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [9/5/2013 11:34 PM 171680]S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [9/3/2013 11:07 PM 83864]S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/26/2008 12:18 AM 313840]S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/26/2008 12:15 AM 1120752]S3 scsk5;SCSK5 Driver Service;c:\windows\system32\drivers\scsk5.sys --> c:\windows\system32\drivers\scsk5.sys [?]S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [9/3/2013 11:07 PM 181912]S3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys [6/18/2011 5:31 AM 23984].--- Other Services/Drivers In Memory ---.*NewlyCreated* - JRSKD24*NewlyCreated* - KCRTX86.[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-12-06 01:34 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-28 23:57].2014-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-28 23:57].2013-12-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job- c:\program files\PC-Doctor\uaclauncher.exe [2010-05-07 19:46].2014-01-12 c:\windows\Tasks\PMTask.job- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-08-20 06:04].2014-01-13 c:\windows\Tasks\SystemToolsDailyTest.job- c:\program files\PC-Doctor\pcdrcui.exe [2010-05-08 21:08]..------- Supplementary Scan -------.IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTMLIE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTMLIE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTMLIE: Create PDF file - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTMLIE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTMLIE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTMLIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000IE: Open with Nuance PDF Converter 7 - c:\program files\Nuance\PDF Professional 7\cnvres_eng.dll /100IE: Open with PDF Professional 7 - c:\program files\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htmIE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105Trusted Zone: wellsfargo.com\billpayTCP: DhcpNameServer = 192.168.2.1Filter: application/x-gforms-deflate - {16F165FF-E9B6-496C-AD6D-039418EA3420} - c:\windows\Downloaded Program Files\Potential.dllFilter: application/x-gforms-xml - {16F165FF-E9B6-496C-AD6D-039418EA3420} - c:\windows\Downloaded Program Files\Potential.dll.- - - - ORPHANS REMOVED - - - -.HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exeNotify-ACNotify - ACNotify.dllAddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exeAddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exeAddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exeAddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exeAddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exeAddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exeAddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exeAddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exeAddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exeAddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exeAddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exeAddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exeAddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exeAddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exeAddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exeAddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exeAddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exeAddRemove-24_flashusbdriver - c:\program files\SAMSUNG\USB Drivers\24_flashusbdriver\Uninstall.exeAddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2014-01-13 21:31Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... ..c:\windows\TEMP\FSA_TMP_18592_52D3DCF8_0001 0 bytes.scan completed successfullyhidden files: 1.**************************************************************************.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"--.[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1".[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]"ImagePath"="\??\".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(644)c:\progra~1\Citrix\ICACLI~1\RSHook.dllc:\program files\Citrix\ICA Client\ShellHook.dllc:\windows\system32\vrlogon.dllc:\program files\ThinkPad\ConnectUtilities\ACNotify.dllc:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dllc:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dllc:\program files\ThinkPad\ConnectUtilities\ACHelper.dllc:\windows\system32\kwinhook.dllc:\windows\system32\psqlpwd.dllc:\program files\ThinkVantage Fingerprint Software\homefus2.dllc:\program files\ThinkVantage Fingerprint Software\infql2.dllc:\program files\ThinkVantage Fingerprint Software\homepass.dllc:\program files\ThinkVantage Fingerprint Software\bio.dllc:\program files\ThinkVantage Fingerprint Software\qlbase.dllc:\program files\ThinkVantage Fingerprint Software\ps2css.dllc:\program files\Lenovo\HOTKEY\tphklock.dllc:\program files\ThinkVantage Fingerprint Software\pscssint.dllc:\program files\ThinkVantage Fingerprint Software\vti.dllc:\windows\system32\igfxdev.dll.- - - - - - - > 'lsass.exe'(704)c:\progra~1\Citrix\ICACLI~1\RSHook.dllc:\program files\Citrix\ICA Client\ShellHook.dllc:\windows\system32\psqlpwd.dllc:\program files\ThinkVantage Fingerprint Software\homefus2.dllc:\program files\ThinkVantage Fingerprint Software\infql2.dll.Completion time: 2014-01-13 21:35:38ComboFix-quarantined-files.txt 2014-01-13 12:35ComboFix2.txt 2012-09-28 04:36.Pre-Run: 174,016,573,440 bytes freePost-Run: 175,559,495,680 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect.- - End Of File - - 61617D94EFF579EC65D057DE088131D4ECA0DF36C8CD373AF8F175D564247B9A Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 17, 2014 Root Admin ID:779039 Share Posted January 17, 2014 Sorry for the delay as I was out of town. Please uninstall ALL versions of Java and run the following. Please download JavaRa-1.16 and save it to your computer.Double click to open the zip file and then select all and choose Copy. Create a new folder on your Desktop named RemoveJava and paste the files into this new folder. Quit all browsers and other running applications. Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program. From the drop-down menu, choose English and click on Select. JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer. Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK. A logfile will pop up. Please save it to a convenient location and post it in your next reply. Then reboot the computer and run this tool Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
jgbeehive Posted January 17, 2014 Author ID:779118 Share Posted January 17, 2014 Thanks - here is the JavaRa log: JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Jan 17 22:17:20 2014 Found and removed: C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Sun\Java\jre1.6.0_11 Found and removed: C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Sun\Java\jre1.6.0_26 Found and removed: C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Sun\Java\jre1.7.0_15 Found and removed: C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Sun\Java\jre1.7.0_21 Found and removed: C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Sun\Java\jre1.7.0_25 Found and removed: C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Sun\Java\jre1.7.0_40 Found and removed: C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Sun\Java\jre1.7.0_45 Found and removed: Software\Classes\JavaPlugin.160_31 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B04 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B06 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B04 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B06 Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0 Found and removed: SOFTWARE\Microsoft\Internet Explorer\Low Rights Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\ATs Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\MozillaPlugins JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Fri Jan 17 22:18:46 2014 ------------------------------------ Finished reporting. Link to post Share on other sites More sharing options...
jgbeehive Posted January 17, 2014 Author ID:779119 Share Posted January 17, 2014 Here is the FRST log: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2014 03Ran by BRothermel (administrator) on LAPTOP007 on 17-01-2014 22:29:09Running from C:\Documents and Settings\brothermel.PARK-LAW\DesktopMicrosoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) =================== (Lenovo) C:\WINDOWS\system32\ibmpmsvc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe() C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe() C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe(Dell Inc.) C:\Program Files\Dell\KACE\AMPAgent.exe(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.EXE(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe(Matrox Graphics Inc) C:\Program Files\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe(Matrox Graphics Inc) C:\Program Files\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Elsinore Technologies, Inc.) C:\Program Files\ScreenConnect Client (89606bea9a3af76e)\Elsinore.ScreenConnect.ClientService.exe() C:\Program Files\ForeScout SecureConnector\SecureConnector.exe(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe() C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe(Elsinore Technologies, Inc.) C:\Program Files\ScreenConnect Client (89606bea9a3af76e)\Elsinore.ScreenConnect.WindowsClient.exe(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe(Elsinore Technologies, Inc.) C:\Program Files\ScreenConnect Client (89606bea9a3af76e)\Elsinore.ScreenConnect.WindowsClient.exe(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Sonix) C:\WINDOWS\vsnp2uvc.exe(Lenovo Group Limited) C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe(Lenovo.) C:\WINDOWS\system32\TpShocks.exe(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe(Lenovo Group Ltd.) C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE(ATK0101) C:\Program Files\Lenovo\ATK Hotkey\LControl.exe(Lenovo) C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe(Lenovo) C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe(Lenovo ) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe(Lenovo Group Limited) C:\Program Files\Lenovo\Client Security Solution\cssauth.exe() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe(LENOVO) C:\Program Files\ThinkVantage\AMSG\Amsg.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe(Matrox Graphics Inc.) C:\Program Files\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe(Matrox Graphics Inc.) C:\Program Files\Matrox Graphics\PowerDesk\Matrox.PDesk.Core.exe(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe(Samsung) C:\Program Files\SAMSUNG\Kies\Kies.exe(Dropbox, Inc.) C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Dropbox\bin\Dropbox.exe() C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Autobahn\nexdef.exe(UniPrint) C:\Program Files\UniPrint Suite\Client\UPCRelay.exe() C:\Program Files\ForeScout SecureConnector\SecureConnector.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPLpr] - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [122880 2008-04-10] (Synaptics, Inc.)HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [524288 2008-04-10] (Synaptics, Inc.)HKLM\...\Run: [snp2uvc] - C:\WINDOWS\vsnp2uvc.exe [569344 2007-07-12] (Sonix)HKLM\...\Run: [TPFNF7] - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe [62240 2009-08-03] (Lenovo Group Limited)HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [337184 2009-07-09] (Lenovo.)HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe [64368 2008-03-24] (Lenovo Group Limited)HKLM\...\Run: [EZEJMNAP] - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [256576 2008-10-08] (Lenovo Group Ltd.)HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [487424 2008-11-25] (Lenovo Group Limited)HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-04-26] (Sonic Solutions)HKLM\...\Run: [LPManager] - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [165208 2008-06-09] (Lenovo Group Limited)HKLM\...\Run: [LPMailChecker] - C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE [124248 2008-06-09] (Lenovo Group Limited)HKLM\...\Run: [CameraApplicationLauncher] - C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe [16384 2009-02-03] ()HKLM\...\Run: [LCONTROL] - C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe [77824 2008-03-20] (ATK0101)HKLM\...\Run: [LFKA] - C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe [315392 2008-04-16] (Lenovo)HKLM\...\Run: [PWRMGRTR] - C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL [421888 2009-10-23] (Lenovo Group Limited)HKLM\...\Run: [bLOG] - C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL [208896 2009-10-23] ()HKLM\...\Run: [ACTray] - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [425984 2009-07-30] (Lenovo )HKLM\...\Run: [ACWLIcon] - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [172032 2009-07-30] (Lenovo )HKLM\...\Run: [cssauth] - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [3073336 2008-06-14] (Lenovo Group Limited)HKLM\...\Run: [iMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)HKLM\...\Run: [synchronization Manager] - C:\Windows\system32\mobsync.exe [143360 2008-04-14] (Microsoft Corporation)HKLM\...\Run: [Message Center Plus] - C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()HKLM\...\Run: [AMSG] - C:\Program Files\ThinkVantage\AMSG\Amsg.exe [436800 2009-09-04] (LENOVO)HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM\...\Run: [Matrox PowerDesk] - C:\Program Files\Matrox Graphics\PowerDesk\Matrox.PDesk.Startup.exe [884744 2011-05-12] (Matrox Graphics Inc.)HKLM\...\Run: [PDF7 Registry Controller] - C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe [141160 2011-09-09] (Nuance Communications, Inc.)HKLM\...\Run: [PDFProHook] - C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe [1787752 2011-09-09] (Nuance Communications, Inc.)HKLM\...\Run: [Nuance PDF Converter Professional 7-reminder] - C:\Program Files\Nuance\PDF Professional 7\Ereg\Ereg.exe [333672 2011-09-07] (Nuance Communications, Inc.)HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-24] (Samsung Electronics Co., Ltd.)HKLM\...\Run: [uniPrint Client Init] - C:\Program Files\UniPrint Suite\Client\UPCInit.exe [203624 2011-11-28] (UniPrint)HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\redirector.exe [130232 2012-07-27] (Citrix Systems, Inc.)Winlogon\Notify\kwinhook: C:\Windows\system32\kwinhook.dll (Dell Inc.)Winlogon\Notify\psfus: C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)Winlogon\Notify\tphotkey: C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)HKLM\...\Policies\Explorer: [NoCDBurning] 1HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-05-24] (Samsung)HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)HKU\Default User\...\Run: [ooVoo] - C\ooVoo.exe /minimizedHKU\Tech_Support\...\Run: [skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-11-14] (Skype Technologies S.A.)HKU\ylim\...\Run: [iSUSPM] - C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [ 2009-05-06] (Acresso Corporation)AppInit_DLLs: C:\Program Files\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)Lsa: [Notification Packages] scecli psqlpwdStartup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnkShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()Startup: C:\Documents and Settings\brothermel.PARK-LAW\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Documents and Settings\brothermel.PARK-LAW\Start Menu\Programs\Startup\NexDef Plug-in.lnkShortcutTarget: NexDef Plug-in.lnk -> C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Autobahn\nexdef.exe ()Startup: C:\Documents and Settings\brothermel.PARK-LAW\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.patentlyo.com/SearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/searchToolbar: HKLM - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)DPF: {34B5A473-9696-4F9A-9BA1-41B8185A9798} https://espace.samsungsdi.com:3443/epms/cab/EpFTP3_U.cabDPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Documents and Settings\brothermel.PARK-LAW\My Documents\Downloads\CKKeyPro_Installer_Multi_10023.exeDPF: {7A868592-7D06-44CF-ADF1-EF7517BD8F3A} http://epms.samsungdisplay.com/cab/ManagerEx4.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabDPF: {F2BE8941-E765-444C-9070-4CC933405CE9} https://espace.samsungsdi.com:3443/epms/cab/NamoWec.cabHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)Filter: application/x-gforms-deflate - {16F165FF-E9B6-496C-AD6D-039418EA3420} - C:\WINDOWS\Downloaded Program Files\Potential.dll (SHIFT Infomation & Communication Co., Ltd.)Filter: application/x-gforms-xml - {16F165FF-E9B6-496C-AD6D-039418EA3420} - C:\WINDOWS\Downloaded Program Files\Potential.dll (SHIFT Infomation & Communication Co., Ltd.)Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Chrome: =======CHR DefaultSearchKeyword: google.co.krCHR Extension: (Google Docs) - C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 [2013-12-08]CHR Extension: (Google Drive) - C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 [2013-12-08]CHR Extension: (YouTube) - C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1 [2013-12-08]CHR Extension: (Google Search) - C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1 [2013-12-08]CHR Extension: (Google Wallet) - C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-19]CHR Extension: (Gmail) - C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2 [2013-12-08]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ========================== Services (Whitelisted) ================= R2 AMPAgent; C:\Program Files\Dell\KACE\AMPAgent.exe [2872424 2013-11-12] (Dell Inc.)R2 ATKGFNEXSrv; C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe [94208 2007-10-31] ()R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-28] (Cisco Systems, Inc.)R2 LFKAS; C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe [208896 2008-03-20] ()R2 Matrox Centering Service; C:\Program Files\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe [3703816 2011-05-12] (Matrox Graphics Inc)R2 Matrox.Pdesk3.ServicesHost; C:\Program Files\Matrox Graphics\PowerDesk\Matrox.PDesk.Services.exe [3703816 2011-05-12] (Matrox Graphics Inc)R2 PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2011-09-09] (Nuance Communications, Inc.)R2 Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [53248 2009-10-23] ()S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-04-26] (Sonic Solutions)S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-04-26] (Sonic Solutions)S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-04-26] (Sonic Solutions)R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [954368 2009-09-22] (Intel® Corporation)R2 ScreenConnect Client (89606bea9a3af76e); C:\Program Files\ScreenConnect Client (89606bea9a3af76e)\Elsinore.ScreenConnect.ClientService.exe [50232 2013-10-12] (Elsinore Technologies, Inc.)R2 SecureConnector; C:\Program Files\ForeScout SecureConnector\SecureConnector.exe [1046584 2013-12-12] ()R2 SepMasterService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [137224 2011-06-18] (Symantec Corporation)R3 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe [1664744 2011-06-18] (Symantec Corporation)S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe [280496 2011-06-18] (Symantec Corporation)R2 SUService; c:\program files\lenovo\system update\suservice.exe [28672 2009-06-13] (Lenovo Group Limited)R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [520192 2008-11-25] ()R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1155072 2008-11-25] (Lenovo Group Limited)S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [x]S3 Smcinst; C:\Program Files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [x] ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-18] (Microsoft Corporation)R1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2009-07-22] (IBM Corp.)R2 ASMMAP; C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys [13880 2007-07-25] ()R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20131101.011\BHDrvx86.sys [1096280 2013-10-30] (Symantec Corporation)S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDAU32.sys [764416 2008-06-12] (Conexant Systems Inc.)S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-19] (Cisco Systems, Inc.)R2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [308859 2010-09-28] (Cisco Systems, Inc.)R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-17] (Deterministic Networks, Inc.)R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-24] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-24] (Symantec Corporation)R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.)R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.)R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2009-07-22] ()R3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20131109.001\IDSxpx86.sys [380824 2013-10-30] (Symantec Corporation)S3 JRSKD24; C:\WINDOWS\system32\JRSKD24.SYS [37944 2014-01-12] (SoftForum Corporation)S3 kcrtx86; C:\WINDOWS\system32\kcrtx86.sys [126048 2014-01-12] (Kings Information & Network)R3 MTsensor; C:\Windows\System32\DRIVERS\A0101X32.sys [5760 2007-08-25] ()R3 NAVENG; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20131124.007\NAVENG.SYS [93272 2013-11-24] (Symantec Corporation)R3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20131124.007\NAVEX15.SYS [1612376 2013-11-24] (Symantec Corporation)S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [5977216 2009-09-16] (Intel Corporation)R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2009-08-21] (Microsoft Corporation)R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [13952 2009-08-10] (Intel Corporation)R2 smihlp; C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [12560 2008-06-25] (UPEK Inc.)S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [9632128 2007-10-02] ()R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SRTSP.SYS [516216 2011-06-18] (Symantec Corporation)R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SRTSPX.SYS [50168 2011-06-18] (Symantec Corporation)R3 staccel; C:\Windows\System32\DRIVERS\staccel.sys [32864 2012-10-16] (ShoreTel, Inc)S3 SyDvCtrl; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys [23984 2011-06-18] (Symantec Corporation)R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS [340088 2011-06-18] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS [756856 2011-06-18] (Symantec Corporation)R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [127096 2011-09-09] (Symantec Corporation)R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\Ironx86.SYS [136312 2011-06-18] (Symantec Corporation)R1 SYMTDI; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x86\SYMTDI.SYS [369784 2011-06-18] (Symantec Corporation)R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [92080 2011-09-09] (Symantec Corporation)R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2013-04-15] (The OpenVPN Project)R3 Teefer2; C:\Windows\System32\DRIVERS\teefer.sys [118960 2011-06-18] (Symantec Corporation)R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-13] (Lenovo Group Limited)R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [4442 2009-10-23] ()R1 TSMAPIP; C:\Windows\System32\drivers\TSMAPIP.SYS [4608 2009-08-03] ()S3 catchme; \??\C:\DOCUME~1\BROTHE~1.PAR\LOCALS~1\Temp\catchme.sys [x]S3 COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys [x]S3 scsk5; system32\drivers\scsk5.sys [x]U3 TrueSight; \??\ [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-17 22:26 - 2014-01-17 22:29 - 00027112 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\FRST.txt2014-01-17 22:26 - 2014-01-17 22:26 - 00000000 ____D C:\FRST2014-01-17 22:19 - 2014-01-17 22:19 - 00002789 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\JavaRa.log2014-01-17 22:17 - 2014-01-17 22:18 - 00002789 _____ C:\JavaRa.log2014-01-17 22:16 - 2014-01-17 22:16 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\Desktop\RemoveJava2014-01-17 22:09 - 2014-01-17 22:09 - 01221120 _____ (Farbar) C:\Documents and Settings\brothermel.PARK-LAW\Desktop\FRST.exe2014-01-17 22:06 - 2014-01-17 22:06 - 00165483 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\JavaRa-1.16-28-5-13.zip2014-01-16 15:31 - 2014-01-16 15:31 - 00004354 _____ C:\WINDOWS\KB2914368.log2014-01-16 15:31 - 2014-01-16 15:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$2014-01-16 10:31 - 2014-01-17 22:25 - 00000436 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics2014-01-14 23:28 - 2014-01-14 23:28 - 00095010 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\2014-01-14 Good Faith in Settlement v1.pptx2014-01-14 01:05 - 2014-01-14 01:05 - 00044032 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\2014-01-13 Weekly Prosecution work load_ByAttorney.xls2014-01-13 21:35 - 2014-01-13 21:35 - 00036513 _____ C:\ComboFix.txt2014-01-13 21:15 - 2014-01-13 21:15 - 00000000 _RSHD C:\cmdcons2014-01-13 21:15 - 2009-09-22 17:09 - 00000211 _____ C:\Boot.bak2014-01-13 21:15 - 2004-08-03 23:00 - 00260272 __RSH C:\cmldr2014-01-13 17:32 - 2014-01-13 16:44 - 05166068 ____R (Swearware) C:\Documents and Settings\brothermel.PARK-LAW\Desktop\ComboFix.exe2014-01-12 23:20 - 2014-01-12 23:20 - 09632128 _____ () C:\WINDOWS\system32\Drivers\snp2uvc.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00503008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdf01000.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\update.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00361600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00226880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip6.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00203136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00196224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00181912 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00177632 _____ (Synaptics, Inc.) C:\WINDOWS\system32\Drivers\SynTP.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00175744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00146048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00144128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00139784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpwd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00127096 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00123008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00118960 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\teefer.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00102656 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\Rtenicxp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00092080 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SysPlant.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00083864 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdmaud.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WudfRd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00081664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\videoprt.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00077568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WudfPf.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00073472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sr.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\psched.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sysaudio.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00059520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swmidi.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00050576 _____ (UPEK Inc.) C:\WINDOWS\system32\Drivers\tcusb.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00048384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00046592 _____ (REDC) C:\WINDOWS\system32\Drivers\rimmptsk.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00046144 _____ (Lenovo) C:\WINDOWS\system32\Drivers\tvtumon.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00044944 _____ (Sonic Solutions) C:\WINDOWS\system32\Drivers\pxhelp20.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00043008 _____ (REDC) C:\WINDOWS\system32\Drivers\rimsptsk.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00040840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\termdd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00039368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00038528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpdusb.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00038400 _____ (REDC) C:\WINDOWS\system32\Drivers\rixdptsk.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfldr.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00034560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00033536 _____ (Lenovo) C:\WINDOWS\system32\Drivers\tvtfilter.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00032864 _____ (ShoreTel, Inc) C:\WINDOWS\system32\Drivers\staccel.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00030336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00030144 _____ (Lenovo (United States) Inc.) C:\WINDOWS\system32\Drivers\psadd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00026624 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00026368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00021896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdtcp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vga.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00020608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\system32\Drivers\secdrv.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSTCODEC.SYS.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdi.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00017844 _____ (Lenovo Group Limited) C:\WINDOWS\system32\Drivers\TPHKDRV.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00017792 _____ (Parallel Technologies, Inc.) C:\WINDOWS\system32\Drivers\ptilink.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00016512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspti.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\StreamIP.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00013952 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\s24trans.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00012928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00012040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdpipe.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00011904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffdisk.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00011136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SLIP.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00011008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffp_sd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmiacpi.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00007012 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pmemnt.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\splitter.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00004608 _____ C:\WINDOWS\system32\Drivers\TSMAPIP.SYS.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00004442 _____ C:\WINDOWS\system32\Drivers\TPPWRIF.SYS.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00004352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmilib.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00004352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpcdd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00002076 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\RKreport[0]_S_01122014_232015.txt2014-01-12 23:19 - 2014-01-12 23:19 - 05977216 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\NETw5x32.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 02019232 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igxpmp32.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00985472 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\HSF_DPV.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00764416 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\Drivers\CHDAU32.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00731264 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\HSF_CNXT.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00456320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00329752 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStor.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00308859 _____ (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00272128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00210560 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\HSFHWAZL.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00187776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00182656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kmixer.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00152832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00144384 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\system32\Drivers\hdaudbus.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00142592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\aec.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00141056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00138496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00131984 _____ (Deterministic Networks, Inc.) C:\WINDOWS\system32\Drivers\dne2000.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00129792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00125056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ftdisk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00124000 _____ (Kings Information & Network) C:\WINDOWS\system32\Drivers\kcrtx86.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00120192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcmcia.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00117800 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\ApsX86.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00116224 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcHdmi.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00099848 _____ (Sonic Solutions) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00092928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00091520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00085248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NABTSFEC.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipsec.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxg.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00068224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00067960 _____ (Citrix Systems, Inc.) C:\WINDOWS\system32\Drivers\ctxusbm.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00063744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nic1394.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00061696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ohci1394.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\arp1394.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmarpc.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00053376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\1394bus.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\DMusic.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00052480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00051768 _____ (Roxio) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00049536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\classpnp.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fips.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00042368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00042112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\imapi.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00037248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ip6fw.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00035072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpc.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00034688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00032896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipfltdrv.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00032512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkfwd.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00030848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00030080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00028120 _____ (Roxio) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00027392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fdc.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00022312 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\ibmpmdrv.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00020864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipinip.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00020520 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\ApsHM86.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00020032 _____ (Devguru Co., Ltd) C:\WINDOWS\system32\Drivers\dgderdrv.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00019712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdaudio.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CCDECODE.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00015488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssmbios.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\asyncmac.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CmBatt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00012856 _____ (Roxio) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00012672 _____ (Conexant) C:\WINDOWS\system32\Drivers\mdmxsdk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00012416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkflt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00011648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpiec.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00011520 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\ANC.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisIP.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00010496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00010496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxapi.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\compbatt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00008576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i2omgmt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00007936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSKSSRV.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00005760 _____ C:\WINDOWS\system32\Drivers\A0101X32.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSTEE.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPCLOCK.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00005275 _____ (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\CVirtA.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00004992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPQM.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00004224 _____ C:\WINDOWS\system32\Drivers\IBMBLDID.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mnmdd.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00003456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\oprghdlr.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00003328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgthk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys.bak2014-01-12 23:17 - 2014-01-12 23:22 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\Desktop\RK_Quarantine2014-01-12 23:15 - 2014-01-16 00:19 - 00002602 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\Rkill.txt2014-01-12 23:09 - 2014-01-12 23:09 - 03810304 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\RogueKiller.exe2014-01-12 23:07 - 2014-01-12 23:07 - 00000000 ____D C:\Program Files\ERUNT2014-01-12 23:07 - 2014-01-12 23:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT2014-01-12 23:05 - 2014-01-12 23:05 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\brothermel.PARK-LAW\Desktop\erunt-setup.exe2014-01-12 23:03 - 2014-01-12 23:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\brothermel.PARK-LAW\Desktop\rkill.exe2014-01-12 19:09 - 2014-01-12 19:09 - 00943416 _____ (SoftForum Co. Ltd.) C:\WINDOWS\system32\CKSetup32.exe2014-01-12 19:09 - 2014-01-12 19:09 - 00434428 _____ (SoftForum Corporation) C:\WINDOWS\system32\CKCSP.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00394552 _____ (SoftForum Co., Ltd.) C:\WINDOWS\system32\XecureCK.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00210272 _____ (SoftForum Co., Ltd.) C:\WINDOWS\system32\npKeyPro.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00191000 _____ (Kings Information & Network) C:\WINDOWS\system32\kcrypto.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00181560 _____ (SoftForum Co. Ltd.) C:\WINDOWS\system32\CKApp.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00152888 _____ (SoftForum Co. Ltd.) C:\WINDOWS\system32\jrsoftcp.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00126048 _____ (Kings Information & Network) C:\WINDOWS\system32\kcrtx86.sys2014-01-12 19:09 - 2014-01-12 19:09 - 00124216 ____R (SoftForum Co., Ltd.) C:\WINDOWS\system32\CKAgent.exe2014-01-12 19:09 - 2014-01-12 19:09 - 00070968 _____ (SoftForm Co. Ltd.) C:\WINDOWS\system32\CKKeyProCert.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00037944 _____ (SoftForum Corporation) C:\WINDOWS\system32\JRSKD24.SYS2014-01-12 19:09 - 2014-01-12 19:09 - 00012728 _____ (SoftForum Corporation) C:\WINDOWS\system32\JRSUKD25.SYS2014-01-11 01:44 - 2014-01-11 01:44 - 00000000 ___HD C:\WINDOWS\yessign2014-01-11 01:44 - 2014-01-11 01:44 - 00000000 ____D C:\XecureSSL2014-01-11 01:44 - 2014-01-11 01:44 - 00000000 ____D C:\Program Files\SoftForum2014-01-11 01:44 - 2014-01-11 01:44 - 00000000 ____D C:\Program Files\NPKI2014-01-08 11:42 - 2014-01-08 11:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage2014-01-08 10:09 - 2014-01-08 10:09 - 00043520 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\2014-01-06 Weekly Prosecution work load_ByAttorney.xls2014-01-04 15:34 - 2014-01-04 15:34 - 00001004 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Citrix Receiver.lnk2014-01-04 15:31 - 2014-01-04 15:31 - 00000000 ____D C:\Program Files\Common Files\Citrix2014-01-04 15:27 - 2014-01-08 11:42 - 00004152 _____ C:\WINDOWS\wmsetup.log2014-01-04 15:27 - 2014-01-04 15:38 - 00001084 _____ C:\WINDOWS\spupdsvc.log2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\WINDOWS\system32\DRM2014-01-04 09:31 - 2014-01-04 09:31 - 00000000 ____D C:\Program Files\Dell2014-01-03 16:42 - 2014-01-03 17:17 - 00000000 ____D C:\WINDOWS\system32\NtmsData2013-12-29 22:52 - 2013-12-29 22:52 - 00009033 _____ C:\__PatchLink02bd.cab2013-12-27 09:36 - 2013-12-27 09:36 - 00000425 _____ C:\Documents and Settings\All Users\Desktop\Transfer Folder.lnk2013-12-27 09:36 - 2013-12-27 09:36 - 00000000 ____D C:\Transfer Folder ==================== One Month Modified Files and Folders ======= 2014-01-17 22:29 - 2014-01-17 22:26 - 00027112 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\FRST.txt2014-01-17 22:26 - 2014-01-17 22:26 - 00000000 ____D C:\FRST2014-01-17 22:26 - 2011-08-16 08:17 - 00000000 ___RD C:\Documents and Settings\brothermel.PARK-LAW\My Documents\Dropbox2014-01-17 22:26 - 2011-08-16 08:15 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Dropbox2014-01-17 22:25 - 2014-01-16 10:31 - 00000436 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics2014-01-17 22:25 - 2009-08-21 06:42 - 00000300 _____ C:\WINDOWS\Tasks\PMTask.job2014-01-17 22:24 - 2013-12-08 18:11 - 00184233 _____ C:\WINDOWS\setupapi.log2014-01-17 22:24 - 2012-10-29 08:57 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-01-17 22:24 - 2008-07-22 07:01 - 02080356 _____ C:\WINDOWS\WindowsUpdate.log2014-01-17 22:23 - 2008-07-21 23:58 - 00000157 _____ C:\WINDOWS\wiadebug.log2014-01-17 22:23 - 2008-07-21 23:58 - 00000049 _____ C:\WINDOWS\wiaservc.log2014-01-17 22:22 - 2009-09-22 17:09 - 00003120 _____ C:\WINDOWS\system32\ICAutoUpdate.log.bak2014-01-17 22:22 - 2008-07-22 07:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2014-01-17 22:21 - 2013-11-13 00:16 - 01477976 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat2014-01-17 22:21 - 2011-09-10 02:52 - 00131072 _____ C:\WINDOWS\system32\config\OAlerts.evt2014-01-17 22:21 - 2011-07-06 02:35 - 00000278 ___SH C:\Documents and Settings\brothermel.PARK-LAW\ntuser.ini2014-01-17 22:21 - 2008-07-22 07:05 - 00032494 _____ C:\WINDOWS\SchedLgU.Txt2014-01-17 22:20 - 2011-07-06 02:35 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW2014-01-17 22:19 - 2014-01-17 22:19 - 00002789 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\JavaRa.log2014-01-17 22:18 - 2014-01-17 22:17 - 00002789 _____ C:\JavaRa.log2014-01-17 22:16 - 2014-01-17 22:16 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\Desktop\RemoveJava2014-01-17 22:09 - 2014-01-17 22:09 - 01221120 _____ (Farbar) C:\Documents and Settings\brothermel.PARK-LAW\Desktop\FRST.exe2014-01-17 22:06 - 2014-01-17 22:06 - 00165483 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\JavaRa-1.16-28-5-13.zip2014-01-17 22:04 - 2011-07-06 23:22 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Skype2014-01-17 22:02 - 2012-02-29 03:17 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk2014-01-17 21:57 - 2008-07-22 07:50 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl2014-01-17 21:33 - 2012-10-29 08:57 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-01-17 16:00 - 2010-06-19 22:46 - 00000332 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job2014-01-16 15:57 - 2011-08-16 08:15 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\Start Menu\Programs\Dropbox2014-01-16 15:39 - 2013-11-13 00:00 - 00000000 ____D C:\WINDOWS\system32\MRT2014-01-16 15:34 - 2010-01-02 21:59 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-01-16 15:31 - 2014-01-16 15:31 - 00004354 _____ C:\WINDOWS\KB2914368.log2014-01-16 15:31 - 2014-01-16 15:31 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$2014-01-16 15:31 - 2013-12-11 23:16 - 00047339 _____ C:\WINDOWS\iis6.log2014-01-16 15:31 - 2013-12-11 23:16 - 00043118 _____ C:\WINDOWS\FaxSetup.log2014-01-16 15:31 - 2013-12-11 23:16 - 00020692 _____ C:\WINDOWS\ocgen.log2014-01-16 15:31 - 2013-12-11 23:16 - 00019752 _____ C:\WINDOWS\tsoc.log2014-01-16 15:31 - 2013-12-11 23:16 - 00014566 _____ C:\WINDOWS\comsetup.log2014-01-16 15:31 - 2013-12-11 23:16 - 00013454 _____ C:\WINDOWS\msmqinst.log2014-01-16 15:31 - 2013-12-11 23:16 - 00008808 _____ C:\WINDOWS\ntdtcsetup.log2014-01-16 15:31 - 2013-12-11 23:16 - 00007581 _____ C:\WINDOWS\netfxocm.log2014-01-16 15:31 - 2013-12-11 23:16 - 00002975 _____ C:\WINDOWS\MedCtrOC.log2014-01-16 15:31 - 2013-12-11 23:16 - 00002394 _____ C:\WINDOWS\ocmsn.log2014-01-16 15:31 - 2013-12-11 23:16 - 00002177 _____ C:\WINDOWS\tabletoc.log2014-01-16 15:31 - 2013-12-11 23:16 - 00002163 _____ C:\WINDOWS\msgsocm.log2014-01-16 15:31 - 2013-12-11 23:16 - 00001374 _____ C:\WINDOWS\imsins.log2014-01-16 10:34 - 2008-07-21 23:55 - 00529108 _____ C:\WINDOWS\system32\PerfStringBackup.INI2014-01-16 02:06 - 2013-11-21 14:00 - 00000000 ____D C:\Program Files\ForeScout SecureConnector2014-01-16 00:19 - 2014-01-12 23:15 - 00002602 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\Rkill.txt2014-01-15 23:45 - 2012-02-29 03:04 - 00002108 ____H C:\Documents and Settings\brothermel.PARK-LAW\My Documents\Default.rdp2014-01-15 23:13 - 2009-09-22 02:51 - 00000000 ____D C:\WINDOWS\system32\FxsTmp2014-01-15 10:11 - 2013-11-02 05:25 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\My Documents\Pantech2014-01-15 09:51 - 2013-11-23 22:10 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\Application Data\SlickVPN2014-01-14 23:28 - 2014-01-14 23:28 - 00095010 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\2014-01-14 Good Faith in Settlement v1.pptx2014-01-14 10:55 - 2011-07-28 23:00 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\CutePDF Writer2014-01-14 01:05 - 2014-01-14 01:05 - 00044032 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\2014-01-13 Weekly Prosecution work load_ByAttorney.xls2014-01-13 21:35 - 2014-01-13 21:35 - 00036513 _____ C:\ComboFix.txt2014-01-13 21:35 - 2012-09-28 13:18 - 00000000 ____D C:\Qoobox2014-01-13 21:31 - 2008-07-22 07:50 - 00000227 _____ C:\WINDOWS\system.ini2014-01-13 21:15 - 2014-01-13 21:15 - 00000000 _RSHD C:\cmdcons2014-01-13 21:15 - 2008-07-22 07:50 - 00000327 __RSH C:\boot.ini2014-01-13 16:44 - 2014-01-13 17:32 - 05166068 ____R (Swearware) C:\Documents and Settings\brothermel.PARK-LAW\Desktop\ComboFix.exe2014-01-12 23:22 - 2014-01-12 23:17 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\Desktop\RK_Quarantine2014-01-12 23:20 - 2014-01-12 23:20 - 09632128 _____ () C:\WINDOWS\system32\Drivers\snp2uvc.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00503008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdf01000.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\update.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00361600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00226880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip6.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00203136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00196224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00181912 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00177632 _____ (Synaptics, Inc.) C:\WINDOWS\system32\Drivers\SynTP.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00175744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00146048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00144128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00139784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpwd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00127096 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00123008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00118960 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\teefer.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00102656 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\Rtenicxp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00092080 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SysPlant.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00083864 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdmaud.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WudfRd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00081664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\videoprt.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00077568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WudfPf.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00073472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sr.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\psched.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sysaudio.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00059520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swmidi.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00050576 _____ (UPEK Inc.) C:\WINDOWS\system32\Drivers\tcusb.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00048384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00046592 _____ (REDC) C:\WINDOWS\system32\Drivers\rimmptsk.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00046144 _____ (Lenovo) C:\WINDOWS\system32\Drivers\tvtumon.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00044944 _____ (Sonic Solutions) C:\WINDOWS\system32\Drivers\pxhelp20.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00043008 _____ (REDC) C:\WINDOWS\system32\Drivers\rimsptsk.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00040840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\termdd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00039368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00038528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpdusb.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00038400 _____ (REDC) C:\WINDOWS\system32\Drivers\rixdptsk.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00035040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfldr.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00034560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00033536 _____ (Lenovo) C:\WINDOWS\system32\Drivers\tvtfilter.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00032864 _____ (ShoreTel, Inc) C:\WINDOWS\system32\Drivers\staccel.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00030336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00030144 _____ (Lenovo (United States) Inc.) C:\WINDOWS\system32\Drivers\psadd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00026624 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00026368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00021896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdtcp.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vga.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00020608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\system32\Drivers\secdrv.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSTCODEC.SYS.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdi.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00017844 _____ (Lenovo Group Limited) C:\WINDOWS\system32\Drivers\TPHKDRV.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00017792 _____ (Parallel Technologies, Inc.) C:\WINDOWS\system32\Drivers\ptilink.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00016512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspti.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\StreamIP.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00013952 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\s24trans.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00012928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00012040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdpipe.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00011904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffdisk.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00011136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SLIP.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00011008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffp_sd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmiacpi.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00007012 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pmemnt.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\splitter.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00004608 _____ C:\WINDOWS\system32\Drivers\TSMAPIP.SYS.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00004442 _____ C:\WINDOWS\system32\Drivers\TPPWRIF.SYS.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00004352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmilib.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00004352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpcdd.sys.bak2014-01-12 23:20 - 2014-01-12 23:20 - 00002076 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\RKreport[0]_S_01122014_232015.txt2014-01-12 23:19 - 2014-01-12 23:19 - 05977216 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\NETw5x32.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 02019232 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igxpmp32.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00985472 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\HSF_DPV.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00764416 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\Drivers\CHDAU32.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00731264 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\HSF_CNXT.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00456320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00329752 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStor.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00308859 _____ (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00272128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00210560 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Drivers\HSFHWAZL.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00187776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00182656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kmixer.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00152832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00144384 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\system32\Drivers\hdaudbus.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00142592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\aec.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00141056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00138496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00131984 _____ (Deterministic Networks, Inc.) C:\WINDOWS\system32\Drivers\dne2000.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00129792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00125056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ftdisk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00124000 _____ (Kings Information & Network) C:\WINDOWS\system32\Drivers\kcrtx86.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00120192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcmcia.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00117800 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\ApsX86.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00116224 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcHdmi.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00099848 _____ (Sonic Solutions) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00092928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00091520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00085248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NABTSFEC.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipsec.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxg.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00068224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00067960 _____ (Citrix Systems, Inc.) C:\WINDOWS\system32\Drivers\ctxusbm.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00063744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nic1394.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00061696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ohci1394.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\arp1394.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmarpc.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00053376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\1394bus.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\DMusic.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00052480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00051768 _____ (Roxio) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00049536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\classpnp.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fips.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00042368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00042112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\imapi.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00037248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ip6fw.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00035072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpc.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00034688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00032896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipfltdrv.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00032512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkfwd.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00030848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00030080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00028120 _____ (Roxio) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00027392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fdc.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00022312 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\ibmpmdrv.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00020864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipinip.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00020520 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\ApsHM86.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00020032 _____ (Devguru Co., Ltd) C:\WINDOWS\system32\Drivers\dgderdrv.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00019712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdaudio.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CCDECODE.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00015488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssmbios.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\asyncmac.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CmBatt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00012856 _____ (Roxio) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00012672 _____ (Conexant) C:\WINDOWS\system32\Drivers\mdmxsdk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00012416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkflt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00011648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpiec.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00011520 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\ANC.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisIP.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00010496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00010496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxapi.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\compbatt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00008576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i2omgmt.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00007936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSKSSRV.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00005760 _____ C:\WINDOWS\system32\Drivers\A0101X32.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSTEE.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPCLOCK.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00005275 _____ (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\CVirtA.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00004992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPQM.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00004224 _____ C:\WINDOWS\system32\Drivers\IBMBLDID.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mnmdd.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00003456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\oprghdlr.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00003328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgthk.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys.bak2014-01-12 23:19 - 2014-01-12 23:19 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys.bak2014-01-12 23:09 - 2014-01-12 23:09 - 03810304 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\RogueKiller.exe2014-01-12 23:09 - 2012-09-28 13:18 - 00000000 ____D C:\WINDOWS\erdnt2014-01-12 23:07 - 2014-01-12 23:07 - 00000000 ____D C:\Program Files\ERUNT2014-01-12 23:07 - 2014-01-12 23:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT2014-01-12 23:05 - 2014-01-12 23:05 - 00791393 _____ (Lars Hederer ) C:\Documents and Settings\brothermel.PARK-LAW\Desktop\erunt-setup.exe2014-01-12 23:04 - 2014-01-12 23:03 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\brothermel.PARK-LAW\Desktop\rkill.exe2014-01-12 22:55 - 2013-12-08 22:31 - 00033323 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\attach.txt2014-01-12 22:55 - 2013-12-08 22:31 - 00027562 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\dds.txt2014-01-12 22:51 - 2009-09-23 22:50 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\My Documents\SSC - SOD - SV2014-01-12 19:09 - 2014-01-12 19:09 - 00943416 _____ (SoftForum Co. Ltd.) C:\WINDOWS\system32\CKSetup32.exe2014-01-12 19:09 - 2014-01-12 19:09 - 00434428 _____ (SoftForum Corporation) C:\WINDOWS\system32\CKCSP.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00394552 _____ (SoftForum Co., Ltd.) C:\WINDOWS\system32\XecureCK.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00210272 _____ (SoftForum Co., Ltd.) C:\WINDOWS\system32\npKeyPro.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00191000 _____ (Kings Information & Network) C:\WINDOWS\system32\kcrypto.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00181560 _____ (SoftForum Co. Ltd.) C:\WINDOWS\system32\CKApp.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00152888 _____ (SoftForum Co. Ltd.) C:\WINDOWS\system32\jrsoftcp.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00126048 _____ (Kings Information & Network) C:\WINDOWS\system32\kcrtx86.sys2014-01-12 19:09 - 2014-01-12 19:09 - 00124216 ____R (SoftForum Co., Ltd.) C:\WINDOWS\system32\CKAgent.exe2014-01-12 19:09 - 2014-01-12 19:09 - 00070968 _____ (SoftForm Co. Ltd.) C:\WINDOWS\system32\CKKeyProCert.dll2014-01-12 19:09 - 2014-01-12 19:09 - 00037944 _____ (SoftForum Corporation) C:\WINDOWS\system32\JRSKD24.SYS2014-01-12 19:09 - 2014-01-12 19:09 - 00012728 _____ (SoftForum Corporation) C:\WINDOWS\system32\JRSUKD25.SYS2014-01-12 15:27 - 2009-08-21 06:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help2014-01-11 01:44 - 2014-01-11 01:44 - 00000000 ___HD C:\WINDOWS\yessign2014-01-11 01:44 - 2014-01-11 01:44 - 00000000 ____D C:\XecureSSL2014-01-11 01:44 - 2014-01-11 01:44 - 00000000 ____D C:\Program Files\SoftForum2014-01-11 01:44 - 2014-01-11 01:44 - 00000000 ____D C:\Program Files\NPKI2014-01-10 11:53 - 2013-12-11 15:39 - 00219815 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\2014-01-10 BCR America Invents Act.pptx2014-01-10 09:34 - 2011-10-28 00:49 - 00001984 _____ C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\d3d9caps.dat2014-01-08 12:09 - 2013-12-11 23:16 - 00002298 _____ C:\WINDOWS\setupact.log2014-01-08 11:42 - 2014-01-08 11:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage2014-01-08 11:42 - 2014-01-04 15:27 - 00004152 _____ C:\WINDOWS\wmsetup.log2014-01-08 11:42 - 2013-11-13 09:11 - 00000789 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\Windows Media Player.lnk2014-01-08 11:42 - 2011-07-06 02:36 - 00000795 _____ C:\Documents and Settings\brothermel.PARK-LAW\Start Menu\Programs\Windows Media Player.lnk2014-01-08 11:42 - 2008-07-22 07:01 - 00000000 __SHD C:\Documents and Settings\All Users\DRM2014-01-08 10:09 - 2014-01-08 10:09 - 00043520 _____ C:\Documents and Settings\brothermel.PARK-LAW\Desktop\2014-01-06 Weekly Prosecution work load_ByAttorney.xls2014-01-07 14:04 - 2012-07-02 20:51 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\My Documents\POSCO LED2014-01-04 16:08 - 2013-11-23 22:11 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\SlickVPN2014-01-04 16:08 - 2013-11-23 22:10 - 00000000 ____D C:\Program Files\SlickVPN2014-01-04 15:38 - 2014-01-04 15:27 - 00001084 _____ C:\WINDOWS\spupdsvc.log2014-01-04 15:35 - 2010-01-02 22:13 - 00065536 _____ C:\WINDOWS\system32\config\Lenovo-M.evt2014-01-04 15:34 - 2014-01-04 15:34 - 00001004 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Citrix Receiver.lnk2014-01-04 15:34 - 2013-10-15 08:17 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Citrix2014-01-04 15:34 - 2013-10-07 04:40 - 00000000 ____D C:\Program Files\Citrix2014-01-04 15:34 - 2013-10-07 04:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Citrix2014-01-04 15:33 - 2013-10-07 04:40 - 00000000 ____D C:\Documents and Settings\Default User\Application Data\ICAClient2014-01-04 15:31 - 2014-01-04 15:31 - 00000000 ____D C:\Program Files\Common Files\Citrix2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D C:\WINDOWS\system32\DRM2014-01-04 09:31 - 2014-01-04 09:31 - 00000000 ____D C:\Program Files\Dell2014-01-03 17:17 - 2014-01-03 16:42 - 00000000 ____D C:\WINDOWS\system32\NtmsData2014-01-03 16:43 - 2008-07-22 07:00 - 00000000 ____D C:\WINDOWS\Registration2014-01-03 16:43 - 2008-07-21 23:51 - 00000000 ____D C:\WINDOWS\repair2013-12-29 22:52 - 2013-12-29 22:52 - 00009033 _____ C:\__PatchLink02bd.cab2013-12-29 10:00 - 2010-06-19 22:46 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job2013-12-27 09:36 - 2013-12-27 09:36 - 00000425 _____ C:\Documents and Settings\All Users\Desktop\Transfer Folder.lnk2013-12-27 09:36 - 2013-12-27 09:36 - 00000000 ____D C:\Transfer Folder2013-12-22 14:33 - 2009-09-23 22:50 - 00000000 ____D C:\Documents and Settings\brothermel.PARK-LAW\My Documents\Samsung LCD SDC & Telecomm Some content of TEMP:====================C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\temp\jre-7u51-windows-i586-iftw.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
jgbeehive Posted January 17, 2014 Author ID:779120 Share Posted January 17, 2014 And finally, the Addition log: Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-01-2014 03Ran by BRothermel at 2014-01-17 22:30:14Running from C:\Documents and Settings\brothermel.PARK-LAW\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Symantec Endpoint Protection (Disabled - Up to date) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: Symantec Endpoint Protection (Disabled) {BE898FE3-CD0B-4014-85A9-03DB9923DDB6} ==================== Installed Programs ====================== Access Help (Version: - )Adobe Flash Player 11 ActiveX (Version: 11.9.900.170 - Adobe Systems Incorporated)Adobe Reader 9.5.5 (Version: 9.5.5 - Adobe Systems Incorporated)Bing Bar (Version: 7.3.124.0 - Microsoft Corporation)Camera Center (Version: 1.0.29 - Lenovo)CCleaner (Version: 3.20 - Piriform)Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7 - Cisco Systems, Inc.)Cisco WebEx Meetings (Version: - Cisco WebEx LLC)Citrix Authentication Manager (Version: 3.0.0.47031 - Citrix Systems, Inc.) HiddenCitrix Receiver (HDX Flash Redirection) (Version: 13.3.0.55 - Citrix Systems, Inc.) HiddenCitrix Receiver (Version: 13.3.0.55 - Citrix Systems, Inc.)Citrix Receiver Inside (Version: 3.3.0.17208 - Citrix Systems, Inc.) HiddenCitrix Receiver Updater (Version: 3.3.0.17207 - Citrix Systems, Inc.) HiddenCitrix Receiver(Aero) (Version: 13.3.0.55 - Citrix Systems, Inc.) HiddenCitrix Receiver(DV) (Version: 13.3.0.55 - Citrix Systems, Inc.) HiddenCitrix Receiver(USB) (Version: 13.3.0.55 - Citrix Systems, Inc.) HiddenClient Security - Password Manager (Version: 8.20.0023.00 - Lenovo Group Limited)ClientKeeper KeyPro with E2E for 32bit (Version: - SoftForum Co. Ltd.)Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000 - Microsoft Corporation)Conexant HD Audio (Version: 3.54.0.0 - Conexant)Critical Update for Windows Media Player 11 (KB959772) (Version: - Microsoft Corporation)CutePDF Writer 2.8 (Version: - )Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)Dell KACE Agent (Version: 5.5.30275 - Dell Inc.)DirectXInstallService (Version: 9.0.2 - Roxio) HiddenDrag-to-Disc (Version: 9.05 - Sonic Solutions)Dropbox (Version: 2.4.11 - Dropbox, Inc.)ERUNT 1.1j (Version: - Lars Hederer)Google Chrome (Version: 31.0.1650.63 - Google Inc.)Google Update Helper (Version: 1.3.22.3 - Google Inc.) HiddenHDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.73.00.50 - Conexant Systems)Help Center (Version: 2.00n - )Integrated Camera (Version: 5.8.35003.0 - Sonix)Intel PROSet Wireless (Version: - ) HiddenIntel® Graphics Media Accelerator Driver (Version: 6.14.10.5402 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (Version: 13.00.0000 - Intel Corporation)InterVideo Register Manager (Version: 1.0.4.0 - InterVideo Inc.) HiddenInterVideo WinDVD (Version: 5.0-B11.1243 - InterVideo Inc.)ISiCastAgent1.0 (Version: - KBS)Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)KCP Å©·Î½ººê¶ó¿ì¡ ActiveX ¹öÀü (Version: - )Lenovo Care (Version: 3.00b - )Lenovo Care Supplement (Version: 3.00b - )Lenovo Registration (Version: - Lenovo - Leader Technologies)Lenovo ThinkVantage Toolbox (Version: 6.0.5514.60 - PC-Doctor, Inc.)Lenovo_ATK_Package (Version: 0.00.04.0 - Lenovo)Lexmark Universal v2 Uninstaller (Version: - Lexmark International, Inc.)Matrox PowerDesk (Version: 1.11.0001.0511 2.07.01 GXM - Matrox Graphics Inc.)Message Center (Version: 2.01g - )Message Center Plus (Version: 2.0.0012.00 - Lenovo Group Limited)Microsoft .NET Framework 1.1 (Version: - )Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) HiddenMicrosoft .NET Framework 1.1 Security Update (KB2656353) (Version: - )Microsoft .NET Framework 1.1 Security Update (KB2656370) (Version: - )Microsoft .NET Framework 1.1 Security Update (KB979906) (Version: - )Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft Base Smart Card Cryptographic Service Provider Package (Version: - Microsoft Corporation)Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) HiddenMicrosoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) HiddenMicrosoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) HiddenMicrosoft Office 2003 Web Components (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Office 2010 Primary Interop Assemblies (Version: 14.0.4763.1024 - Microsoft Corporation)Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Home and Business 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202 - Microsoft Corporation)Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.7015.1000 - Microsoft Corporation) HiddenMicrosoft SQL Server 2008 Native Client (Version: 10.0.1600.22 - Microsoft Corporation)Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)Microsoft WinUsb 1.0 (Version: - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 6.0 Parser (Version: 6.10.1129.0 - Microsoft Corporation)NexDef Plug-in (Version: - )Nuance PDF Converter Professional 7 (Version: 7.20.3160 - Nuance Communications, Inc.)On Screen Display (Version: 5.32.00 - )Online Data Backup (Version: 1.00.0001 - lenovo)Online Plug-in (Version: 13.3.0.55 - Citrix Systems, Inc.) HiddenooVoo (Version: 3.5.9041 - ooVoo LLC.)Patricia 5.1 (Version: 5.1.2 - Patrix AB)Patricia 5.1 (Version: 5.1.2 - Patrix AB) HiddenPresentation Director (Version: 4.07 - )REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.13.0000 - Realtek)Rescue and Recovery (Version: 4.21.0030.00 - Lenovo Group Limited)RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 (Version: 3.55.01 - )Roxio Activation Module (Version: 1.0 - Roxio) HiddenRoxio Central Audio (Version: 3.7.0 - Roxio) HiddenRoxio Central Copy (Version: 3.7.0 - Roxio) HiddenRoxio Central Core (Version: 3.7.0 - Roxio) HiddenRoxio Central Data (Version: 3.7.0 - Roxio) HiddenRoxio Central Tools (Version: 3.7.0 - Roxio) HiddenRoxio Creator Small Business Edition (Version: 10.1 - Roxio)Roxio Creator Small Business Edition (Version: 10.1.177 - Roxio) HiddenRoxio Express Labeler 3 (Version: 3.2.1 - Roxio) HiddenSamsung Kies (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)Samsung Kies (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) HiddenSAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)Scansoft PDF Professional (Version: - ) HiddenScreenConnect Client (89606bea9a3af76e) (Version: 4.0.5454.5032 - Elsinore Technologies, Inc.)Self-service Plug-in (Version: 3.3.0.27839 - Citrix Systems, Inc.) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) HiddenShoreTel Communicator (Version: 17.62.3702.0 - ShoreTel, Inc.)Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)SlickVPN v0.1.279 (gb69fb82) (Version: 0.1.279 - SlickVPN)Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) HiddenSonic Icons for Lenovo (Version: 2.0.0 - Lenovo)Symantec Endpoint Protection (Version: 12.1.671.4971 - Symantec Corporation)System Update (Version: 3.14.0024 - Lenovo)TeamViewer 7 (Version: 7.0.12979 - TeamViewer)ThinkPad EasyEject Utility (Version: 2.38 - )ThinkPad FullScreen Magnifier (Version: 2.10 - )ThinkPad PC Card Power Policy (Version: 1.02 - ) HiddenThinkPad Power Management Driver for SL Series (Version: 1.44 - )ThinkPad Power Manager (Version: 1.64 - )ThinkPad UltraNav Driver (Version: 7.5.19.5 - )ThinkPad UltraNav Utility (Version: 2.11 - Lenovo)ThinkVantage Access Connections (Version: 5.33 - )ThinkVantage Active Protection System (Version: 1.70 - Lenovo)ThinkVantage Fingerprint Software 5.8 (Version: 5.8.2.4462 - UPEK Inc.)ThinkVantage Technologies Welcome Message (Version: 2.00 - ) HiddenUniPrint Client 5.0 (Version: 5.0.0 - UniPrint)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft)Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft)Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft)Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - Microsoft)Update for Windows Internet Explorer 7 (KB976749) (Version: 1 - Microsoft Corporation) HiddenUpdate for Windows Internet Explorer 8 (KB2447568) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB2598845) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB975364) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB978506) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2264107) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2492386) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2808679) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2813347-v2) (Version: 2 - Microsoft Corporation)Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB943729) (Version: - Microsoft Corporation)Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) HiddenUpdate for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB958911) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB974266) (Version: - Microsoft Corporation)Verizon Wireless BroadbandAccess Self Activation (Version: 1.3.2 - Smith Micro Software, Inc.)Visual Studio Tools for the Office system 3.0 Runtime (Version: - Microsoft Corporation)Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.30729 - Microsoft Corporation) HiddenVisual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (Version: 1 - Microsoft Corporation)Wallpapers (Version: - ) HiddenWebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWebSlingPlayer ActiveX (Version: 1.5.6152 - Sling Media)Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)Windows Management Framework Core (Version: - Microsoft Corporation)Windows Media Connect (Version: - Microsoft Corporation) HiddenWindows Media Format 11 runtime (Version: - )Windows Media Format 11 runtime (Version: - Microsoft Corporation) HiddenWindows Media Player 11 (Version: - )Windows Media Player 11 (Version: - Microsoft Corporation) HiddenWindows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) HiddenWindows Rights Management Client with Service Pack 2 (Version: 5.2.95 - Microsoft)Windows Small Business Server 2011 Standard ClientAgent (Version: 6.1.7900.1 - Microsoft Corporation)Windows Small Business Server 2011 Standard WMI Provider (Version: 6.1.7900.1 - Microsoft Corporation) HiddenXecureWeb Control (Version: - )XML Paper Specification Shared Components Pack 1.0 (Version: - Microsoft Corporation) HiddenXP Themes (Version: 1.00.0000 - Lenovo) HiddenYahoo! Detect (Version: - ) ==================== Restore Points ========================= 19-10-2013 17:42:17 System Checkpoint21-10-2013 16:24:46 System Checkpoint22-10-2013 17:15:34 System Checkpoint23-10-2013 22:02:39 System Checkpoint25-10-2013 02:27:08 System Checkpoint26-10-2013 16:25:56 System Checkpoint28-10-2013 14:23:28 System Checkpoint29-10-2013 16:30:26 System Checkpoint30-10-2013 17:59:43 System Checkpoint31-10-2013 20:41:22 System Checkpoint03-11-2013 16:16:05 System Checkpoint04-11-2013 16:43:45 System Checkpoint06-11-2013 03:49:41 System Checkpoint07-11-2013 05:07:09 System Checkpoint08-11-2013 05:29:28 System Checkpoint10-11-2013 05:21:05 Removed Patricia 5.110-11-2013 05:43:38 Installed Patricia 5.110-11-2013 05:58:57 Removed Microsoft SQL Server 2008 Native Client10-11-2013 06:01:19 Removed Microsoft SQL Server Native Client10-11-2013 06:03:35 Removed Patricia 5.110-11-2013 06:04:57 Installed Microsoft SQL Server 2008 Native Client10-11-2013 06:06:45 Installed Patricia 5.111-11-2013 09:43:41 System Checkpoint12-11-2013 10:45:47 System Checkpoint12-11-2013 13:29:45 Installed Windows XP KB943729.12-11-2013 13:48:44 Installed Windows XP KB2543367.12-11-2013 13:49:27 Installed Windows XP KB2794119.12-11-2013 13:52:24 Installed Windows XP KB942288-v3.12-11-2013 13:53:00 Installed Windows XP KB976002-v5.12-11-2013 13:54:05 Installed Windows XP KB2876217.12-11-2013 13:54:57 Installed Windows XP KB2864063.12-11-2013 13:55:45 Installed Windows XP KB2847311.12-11-2013 13:56:39 Installed Windows XP KB2862330.12-11-2013 13:57:36 Installed Windows XP KB2862335.12-11-2013 13:58:36 Installed Windows XP KB2868038.12-11-2013 14:00:30 Installed Windows XP KB2883150.12-11-2013 14:01:24 Installed Windows XP KB2808679.12-11-2013 14:01:52 Installed Windows XP KB2863058.12-11-2013 14:04:52 Installed Windows XP KB2264107.12-11-2013 14:05:15 Installed Windows XP KB2447568.12-11-2013 14:05:42 Installed Windows XP KB2492386.12-11-2013 14:07:30 Installed Windows XP KB2598845.12-11-2013 14:07:56 Installed Windows XP KB2632503.12-11-2013 14:09:39 Installed MSXML 2 KB887606_26.12-11-2013 14:10:00 Installed %1 %2.12-11-2013 14:10:41 Installed Windows XP KB943232-v2.12-11-2013 14:11:15 Installed Windows XP KB944043-v3.12-11-2013 14:11:36 Installed Windows XP KB2478960.12-11-2013 14:11:57 Installed Windows XP KB2712808.12-11-2013 14:12:16 Installed Windows XP KB971657.12-11-2013 14:12:35 Installed Windows XP KB975467.12-11-2013 14:13:05 Installed Windows XP KB951830.12-11-2013 14:13:42 Installed Windows XP KB968389.12-11-2013 14:14:30 Installed %1 %2.12-11-2013 14:15:35 Installed Windows XP KB969084.12-11-2013 14:16:06 Installed Windows XP KB974266.12-11-2013 14:16:35 Installed Windows XP KB978506.12-11-2013 14:17:04 Installed Windows XP KB982316.12-11-2013 14:18:17 Installed Windows XP KB941569.12-11-2013 14:19:05 Installed Windows XP KB941569.12-11-2013 14:21:34 Installed Windows Media Player KB2834904-v2.12-11-2013 14:30:38 Installed Windows XP KB2879017.12-11-2013 15:06:45 Installed Windows Media Player 1112-11-2013 15:10:36 Installed Windows XP MSCompPackV1.12-11-2013 15:44:42 Installed Windows Media Player 11 KB959772.12-11-2013 15:45:13 Installed Windows Media Player 11 KB954154.12-11-2013 15:46:04 Installed Windows Media Player KB2378111.12-11-2013 15:47:56 Installed Windows XP KB2813347-v2.12-11-2013 15:51:16 Installed Windows Media Format 11 SDK KB929399.12-11-2013 15:52:06 Installed Windows Media Player 11 KB939683.12-11-2013 15:52:31 Installed Windows XP KB978506.12-11-2013 16:22:28 Installed Windows XP KB978506.14-11-2013 03:20:33 System Checkpoint15-11-2013 03:22:16 System Checkpoint15-11-2013 15:30:29 Installed Windows XP KB2876331.15-11-2013 15:31:34 Installed Windows XP KB2900986.15-11-2013 15:32:20 Installed Windows XP KB2868626.15-11-2013 15:33:05 Installed Windows XP KB2862152.15-11-2013 15:35:00 Installed Windows XP KB2888505.16-11-2013 16:42:29 System Checkpoint18-11-2013 00:07:13 System Checkpoint19-11-2013 05:43:04 System Checkpoint20-11-2013 06:27:45 System Checkpoint21-11-2013 13:53:10 Installed Windows XP KB978506.21-11-2013 14:33:41 Installed Windows XP KB978506.22-11-2013 14:12:02 Installed Windows XP KB978506.24-11-2013 02:45:53 System Checkpoint26-11-2013 03:22:34 System Checkpoint27-11-2013 03:52:22 System Checkpoint29-11-2013 03:08:32 System Checkpoint30-11-2013 03:56:00 System Checkpoint01-12-2013 06:57:36 System Checkpoint02-12-2013 12:37:13 System Checkpoint03-12-2013 17:12:15 System Checkpoint05-12-2013 05:30:45 System Checkpoint06-12-2013 05:51:11 System Checkpoint06-12-2013 14:20:56 Removed UniPrint Client 5.0.06-12-2013 14:52:53 Removed UniPrint Client 5.0.06-12-2013 17:08:49 Installed Windows XP KB958911.07-12-2013 01:27:12 Removed UniPrint Client 5.0.08-12-2013 00:02:01 Removed UniPrint Client 5.0.08-12-2013 02:29:24 Removed UniPrint Client 5.0.08-12-2013 03:40:22 Removed UniPrint Client 5.0.08-12-2013 03:56:07 Removed UniPrint Client 5.0.09-12-2013 04:40:08 System Checkpoint10-12-2013 08:11:48 System Checkpoint11-12-2013 11:44:41 System Checkpoint11-12-2013 14:16:16 Installed Windows XP KB2893294.11-12-2013 14:16:52 Installed Windows XP KB2892075.11-12-2013 14:17:25 Installed Windows XP KB2893984.11-12-2013 14:17:58 Installed Windows XP KB2898715.11-12-2013 14:21:36 Installed Windows XP KB2898785.12-12-2013 13:24:39 Removed UniPrint Client 5.0.12-12-2013 13:59:59 Installed Windows XP KB2904266.13-12-2013 17:01:06 System Checkpoint15-12-2013 04:29:06 System Checkpoint16-12-2013 07:34:37 System Checkpoint17-12-2013 08:20:46 System Checkpoint18-12-2013 11:41:49 System Checkpoint20-12-2013 05:13:35 System Checkpoint21-12-2013 05:46:19 System Checkpoint22-12-2013 06:47:57 System Checkpoint24-12-2013 03:07:57 System Checkpoint25-12-2013 06:29:46 System Checkpoint26-12-2013 17:16:40 System Checkpoint28-12-2013 12:08:17 System Checkpoint29-12-2013 12:44:30 System Checkpoint01-01-2014 13:46:08 System Checkpoint03-01-2014 01:54:50 System Checkpoint04-01-2014 03:01:10 System Checkpoint04-01-2014 06:27:08 Installed Windows Media Player KB973540.05-01-2014 09:48:35 System Checkpoint06-01-2014 10:36:17 System Checkpoint07-01-2014 15:01:35 System Checkpoint08-01-2014 16:07:02 System Checkpoint10-01-2014 03:15:52 System Checkpoint11-01-2014 03:55:57 System Checkpoint12-01-2014 04:18:46 System Checkpoint13-01-2014 08:17:11 System Checkpoint15-01-2014 02:13:20 System Checkpoint16-01-2014 03:34:02 System Checkpoint16-01-2014 06:31:41 Installed Windows XP KB2914368.17-01-2014 06:40:13 System Checkpoint17-01-2014 13:13:38 Removed Java 7 Update 917-01-2014 13:14:39 Removed Java 6 Update 31 ==================== Hosts content: ========================== 2008-07-22 07:49 - 2014-01-13 21:31 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exeTask: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXETask: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\pcdrcui.exe ==================== Loaded Modules (whitelisted) ============= 2009-09-22 02:27 - 2007-07-13 14:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll2010-09-28 01:03 - 2010-09-28 01:03 - 00201512 _____ () C:\WINDOWS\system32\vpnapi.dll2011-05-11 23:55 - 2011-05-11 23:55 - 00290816 _____ () C:\Program Files\Matrox Graphics\PowerDesk\MtxDEDll.dll2008-11-25 07:28 - 2008-11-25 07:28 - 00139264 _____ () C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll2009-08-21 06:43 - 2009-07-30 00:33 - 00043520 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll2009-08-21 06:43 - 2009-07-30 00:33 - 00073728 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll2008-11-25 07:28 - 2008-11-25 07:28 - 00139264 _____ () c:\Program Files\Common Files\Lenovo\CDRecord.dll2009-02-03 13:50 - 2009-02-03 13:50 - 00028672 _____ () C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLibrary.dll2009-02-03 13:50 - 2009-02-03 13:50 - 00020480 _____ () C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadDataObjects.dll2009-02-03 13:50 - 2009-02-03 13:50 - 00032768 _____ () C:\Program Files\Lenovo\Camera Center\bin\LocalizationWrapper.dll2009-02-03 13:50 - 2009-02-03 13:50 - 00007680 _____ () C:\Program Files\Lenovo\Camera Center\bin\en-US\LocalizationWrapper.resources.dll2009-08-21 06:42 - 2009-10-23 15:04 - 00030720 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL2009-08-21 06:39 - 2007-03-10 08:16 - 00106496 ____R () C:\Program Files\Lenovo\ATK Hotkey\AGFNEX.dll2009-08-21 06:42 - 2009-10-23 15:04 - 00049152 ____N () C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL2009-08-21 06:43 - 2009-07-30 00:33 - 00229376 _____ () C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll2013-05-24 04:11 - 2013-05-24 04:11 - 00036352 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll2013-05-24 04:12 - 2013-05-24 04:12 - 17163776 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll2013-05-24 04:11 - 2013-05-24 04:11 - 00564736 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll2013-05-23 23:15 - 2013-05-23 23:15 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll2013-05-23 09:34 - 2013-05-23 09:34 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll2013-10-19 08:55 - 2013-10-19 08:55 - 25100288 _____ () C:\Documents and Settings\brothermel.PARK-LAW\Application Data\Dropbox\bin\libcef.dll2011-08-12 00:27 - 2011-08-12 00:27 - 00020480 _____ () C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Autobahn\rt\bin\jetvm\jvm.dll2011-08-12 00:27 - 2011-08-12 00:27 - 00069632 _____ () C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Autobahn\rt\bin\java.dll2011-08-12 00:27 - 2011-08-12 00:27 - 00126976 _____ () C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Autobahn\rt\bin\zip.dll2011-08-12 00:27 - 2011-08-12 00:27 - 00159744 _____ () C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\Application Data\Autobahn\rt\jetrt\baseline720.dll2009-08-21 06:37 - 2007-06-19 08:28 - 00056056 _____ () C:\WINDOWS\system32\DLAAPI_W.DLL ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0574215C ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (89606bea9a3af76e) => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN AdapterDescription: Cisco Systems VPN AdapterClass Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}Manufacturer: Cisco SystemsService: CVirtAProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (01/17/2014 06:57:36 PM) (Source: AutoEnrollment) (User: )Description: Automatic certificate enrollment for PARK-LAW\BRothermel failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error: (01/17/2014 06:56:26 PM) (Source: AutoEnrollment) (User: )Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error: (01/17/2014 03:37:50 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\ResEvent Info: Open FileActionTaken: LoggedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 11828)Time: Friday, January 17, 2014 3:37:50 PM Error: (01/17/2014 03:37:50 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\CmnClnt\ccGEvt\GlobalEvent Info: Open FileActionTaken: LoggedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 11828)Time: Friday, January 17, 2014 3:37:50 PM Error: (01/17/2014 03:37:50 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\CmnClnt\ccGEvtEvent Info: Open FileActionTaken: LoggedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 11828)Time: Friday, January 17, 2014 3:37:50 PM Error: (01/17/2014 03:37:50 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\CmnClntEvent Info: Open FileActionTaken: LoggedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 11828)Time: Friday, January 17, 2014 3:37:50 PM Error: (01/17/2014 03:37:50 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\BinEvent Info: Open FileActionTaken: LoggedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 11828)Time: Friday, January 17, 2014 3:37:50 PM Error: (01/17/2014 03:37:50 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105Event Info: Open FileActionTaken: LoggedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 11828)Time: Friday, January 17, 2014 3:37:50 PM Error: (01/17/2014 03:37:50 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec Shared\EENGINEEvent Info: Open FileActionTaken: LoggedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 11828)Time: Friday, January 17, 2014 3:37:50 PM Error: (01/17/2014 03:37:50 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY)Description: SYMANTEC TAMPER PROTECTION ALERT Target: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\SRTSPEvent Info: Open FileActionTaken: LoggedActor Process: C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE (PID 11828)Time: Friday, January 17, 2014 3:37:50 PM System errors:=============Error: (01/17/2014 10:25:04 PM) (Source: ipnathlp) (User: )Description: The DHCP allocator has disabled itself on IP address 192.168.2.101,since the IP address is outside the 192.168.0.0/255.255.255.0 scopefrom which addresses are being allocated to DHCP clients.To enable the DHCP allocator on this IP address,please change the scope to include the IP address,or change the IP address to fall within the scope. Error: (01/17/2014 10:24:02 PM) (Source: Service Control Manager) (User: )Description: The SessionLauncher service failed to start due to the following error: %%3 Error: (01/17/2014 10:23:30 PM) (Source: NETLOGON) (User: )Description: No Domain Controller is available for domain PARK-LAW due to the following: %%1311. Make sure that the computer is connected to the network and tryagain. If the problem persists, please contact your domain administrator. Error: (01/17/2014 06:56:17 PM) (Source: ipnathlp) (User: )Description: The DHCP allocator has disabled itself on IP address 192.168.2.101,since the IP address is outside the 192.168.0.0/255.255.255.0 scopefrom which addresses are being allocated to DHCP clients.To enable the DHCP allocator on this IP address,please change the scope to include the IP address,or change the IP address to fall within the scope. Error: (01/17/2014 06:56:16 PM) (Source: W32Time) (User: )Description: The time provider NtpClient is configured to acquire time from one or moretime sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes.NtpClient has no source of accurate time. Error: (01/17/2014 06:56:16 PM) (Source: W32Time) (User: )Description: Time Provider NtpClient: An error occurred during DNS lookup of the manuallyconfigured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15minutes.The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error: (01/17/2014 06:56:08 PM) (Source: NETLOGON) (User: )Description: No Domain Controller is available for domain PARK-LAW due to the following: %%1311. Make sure that the computer is connected to the network and tryagain. If the problem persists, please contact your domain administrator. Error: (01/17/2014 02:44:09 PM) (Source: NETLOGON) (User: )Description: No Domain Controller is available for domain PARK-LAW due to the following: %%1311. Make sure that the computer is connected to the network and tryagain. If the problem persists, please contact your domain administrator. Error: (01/17/2014 10:44:35 AM) (Source: W32Time) (User: )Description: The time provider NtpClient is configured to acquire time from one or moretime sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes.NtpClient has no source of accurate time. Error: (01/17/2014 10:44:35 AM) (Source: W32Time) (User: )Description: Time Provider NtpClient: An error occurred during DNS lookup of the manuallyconfigured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15minutes.The error was: A socket operation was attempted to an unreachable host. (0x80072751) Microsoft Office Sessions:========================= ==================== Memory info =========================== Percentage of memory in use: 32%Total physical RAM: 3037.23 MBAvailable physical RAM: 2039.66 MBTotal Pagefile: 4921.32 MBAvailable Pagefile: 4059.57 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1930.42 MB ==================== Drives ================================ Drive c: (Preload) (Fixed) (Total:227.18 GB) (Free:163.26 GB) NTFS ==>[Drive with boot components (Windows XP)]Drive d: (Civil War Disc 3) (CDROM) (Total:7.59 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 233 GB) (Disk ID: 777AA0E1)Partition 1: (Active) - (Size=227 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=6 GB) - (Type=12) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 18, 2014 Root Admin ID:779434 Share Posted January 18, 2014 Please download the attached fixlist.txt file and save it to the Desktop.NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.Run FRST or FRST64 and press the Fix button just once and wait.If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Link to post Share on other sites More sharing options...
jgbeehive Posted January 18, 2014 Author ID:779524 Share Posted January 18, 2014 Fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 17-01-2014 03Ran by BRothermel at 2014-01-18 19:36:14 Run:1Running from C:\Documents and Settings\brothermel.PARK-LAW\DesktopBoot Mode: Normal ============================================== Content of fixlist:*****************HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.patentlyo.com/SearchScopes: HKLM - DefaultScope value is missing.SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/searchDPF: {34B5A473-9696-4F9A-9BA1-41B8185A9798} https://espace.samsu...ab/EpFTP3_U.cabDPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Documents and Settings\brothermel.PARK-LAW\My Documents\Downloads\CKKeyPro_Installer_Multi_10023.exeCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONC:\Documents and Settings\brothermel.PARK-LAW\Local Settings\temp\jre-7u51-windows-i586-iftw.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeAlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0574215C ***************** HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{34B5A473-9696-4F9A-9BA1-41B8185A9798} => Key deleted successfully.HKCR\CLSID\{34B5A473-9696-4F9A-9BA1-41B8185A9798} => Key deleted successfully.HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6CE20149-ABE3-462E-A1B4-5B549971AA38} => Key deleted successfully.HKCR\CLSID\{6CE20149-ABE3-462E-A1B4-5B549971AA38} => Key deleted successfully.HKLM\SOFTWARE\Policies\Google => Key deleted successfully.C:\Documents and Settings\brothermel.PARK-LAW\Local Settings\temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.C:\Documents and Settings\All Users\Application Data\TEMP => ":0574215C" ADS removed successfully. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 18, 2014 Root Admin ID:779532 Share Posted January 18, 2014 Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MBNOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.Shutdown your antivirus to avoid any conflicts while scanning.Once the scans have completed please re-enable your antivirus.If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection ModulesIf needed you can also temporarily disable it from starting with WindowsTemporarily turn off any other security add-ons or applications you may also have.Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.If it does not have a Digital Signature then do not run it.Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.Click on the Yes button to start the installer.Click OK to scan your computer in the Enhanced Protection ModeClick on the check box to agree to participate in their software improvement program.Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.Then click on the Start scanning button.If a threat is found you can click on the Action column in the program.Your options will be Cure or IgnoreIf you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.Then click on the Neutralize button.Once completed click on the green Open Report link. It will open the report in NOTEPADSave the report to your desktop. The report will be called Cureit.logClose Dr.Web Cureit!Reboot your computer to allow files that were in use to be moved/deleted during reboot.After reboot, attach the log Cureit.log you saved previously in your next reply.Re-Enable your antivirus and other security programs when all done. Link to post Share on other sites More sharing options...
jgbeehive Posted January 18, 2014 Author ID:779554 Share Posted January 18, 2014 Hi, thanks. Uniprint still showing up in the system tray. cureit.log Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 18, 2014 Root Admin ID:779764 Share Posted January 18, 2014 Please show me a screen shot of it and run the following. I probably cannot reply until Monday but I'll try. Send me a PM if I've not replied by Monday. Create an Autoruns Log:Please download Sysinternals Autoruns from here.Save Autoruns.exe to your desktop and double-click it to run it.Once it starts, please press the Esc key on your keyboard.Now that scanning is stopped, click on the Options button at the top of the program and select Verify Code SignaturesOnce that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.When it's finished, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) FolderAttach the Autoruns.zip folder you just created to your next reply Link to post Share on other sites More sharing options...
jgbeehive Posted January 22, 2014 Author ID:781232 Share Posted January 22, 2014 Thanks, you will see the Uniprint icon in the tray screenshot. Also, there is a black and white citrix receiver icon there too next to the uniprint icon, which I am unsure about as well. Neither of those are things that I know what they are. AutoRuns.zip Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 22, 2014 Root Admin ID:781267 Share Posted January 22, 2014 Okay, the Citrix and Uniprint appear to both be part of the install that came directly from Lenovo I wouldn't want to manually rip it out as that might be a bit ugly. I would suggest you contact Lenovo Support or post on their forum and see if they have a guide or recommendation for the proper removal of said software. http://forums.lenovo.com/ Not sure why they do it but they basically hide the uninstaller routine for the Citrix software which can be set to show. http://www.citrix.com/products/receiver/overview.htmlhttps://www.uniprint.net/eng Or once you learn how to use that software you might find it useful and not want to remove it? Anyways... the computer did have quite a bit of junk we were able to clean up and remove - but the Citrix and Uniprint are not malware and possibly linked to each other. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 22, 2014 Root Admin ID:781385 Share Posted January 22, 2014 At this time there are no more signs of an infection on your system.However if you are still seeing any signs of an infection please let me know.Let's go ahead and remove the tools and logs we've used during this process.Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.They are often updated daily so if you went to use them again in the future they would be outdated anyways.The following procedures will implement some cleanup procedures to remove these tools.It will also reset your System Restore by flushing out previous restore points and create a new restore point.It will also remove all the backups our tools may have created.Uninstall ComboFix (if used):Turn off all active protection software including your antivirus. Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button) Please copy and past the following into the box ComboFix /Uninstall and click OK. Note the space between the X and the /Uninstall, it needs to be there. Remove the rest of the tools used: Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.Double-click OTCleanIt.exe. Click the CleanUp! button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes, if not go ahead and delete it by yourself. If asked to restart the computer, please do soNote: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.AdwCleaner Removal:Double click on AdwCleaner.exe to run the tool. Click on Uninstall Confirm with YesESET antivirus Removal:This tool can be uninstalled via the Control Panel, Programs, Uninstall If there are any other left over Folders, Files, Logs then you can delete them on your own. Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.How to Delete System Protection Restore Points in Windows 7 and Windows 8Remove all but the most recent Restore Point on Windows XPAs Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsersHow do I disable Java in my web browser? - Disable JavaA lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.How Malware Spreads - How did I get infected Best Practices for Safe Computing - Prevention of Malware Infection Avoiding those unwanted free applications A close look at how Oracle installs deceptive software with Java updates IAC / Ask.com toolbars Malwarebytes Unpacked BlogIf you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 27, 2014 Root Admin ID:783185 Share Posted January 27, 2014 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts