Audio Ads Playing In The Background

Discussion in 'Virus & Other Malware Removal' started by supergirlacd, Jan 7, 2014.

    supergirlacd Thread Starter
    I have ads playing in my background when connected to the internet but no windows are open. I've tried some of the suggestions listed on this forum but I think I need a manual command to fix the issue. Here are the logs of some of the programs I've tried to use to fix the problem. Any help would be appreciated.

    TDSSKILLER


    20:08:03.0536 5592 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    20:08:05.0556 5592 ============================================================
    20:08:05.0556 5592 Current date / time: 2014/01/06 20:08:05.0556
    20:08:05.0556 5592 SystemInfo:
    20:08:05.0556 5592
    20:08:05.0556 5592 OS Version: 6.1.7601 ServicePack: 1.0
    20:08:05.0556 5592 Product type: Workstation
    20:08:05.0557 5592 ComputerName: OWNER-PC
    20:08:05.0557 5592 UserName: Owner
    20:08:05.0557 5592 Windows directory: C:\Windows
    20:08:05.0557 5592 System windows directory: C:\Windows
    20:08:05.0557 5592 Running under WOW64
    20:08:05.0557 5592 Processor architecture: Intel x64
    20:08:05.0557 5592 Number of processors: 4
    20:08:05.0557 5592 Page size: 0x1000
    20:08:05.0557 5592 Boot type: Normal boot
    20:08:05.0557 5592 ============================================================
    20:08:10.0040 5592 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:08:10.0044 5592 Drive \Device\Harddisk1\DR1 - Size: 0x3C8C0000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    20:08:10.0073 5592 ============================================================
    20:08:10.0073 5592 \Device\Harddisk0\DR0:
    20:08:10.0073 5592 MBR partitions:
    20:08:10.0073 5592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    20:08:10.0074 5592 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
    20:08:10.0074 5592 \Device\Harddisk1\DR1:
    20:08:10.0075 5592 MBR partitions:
    20:08:10.0075 5592 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x1E4407
    20:08:10.0075 5592 ============================================================
    20:08:10.0256 5592 C: <-> \Device\Harddisk0\DR0\Partition2
    20:08:10.0256 5592 ============================================================
    20:08:10.0256 5592 Initialize success
    20:08:10.0256 5592 ============================================================
    20:08:14.0838 5688 ============================================================
    20:08:14.0839 5688 Scan started
    20:08:14.0839 5688 Mode: Manual;
    20:08:14.0839 5688 ============================================================
    20:08:32.0801 5908 ============================================================
    20:08:32.0801 5908 Scan started
    20:08:32.0801 5908 Mode: Manual; TDLFS;
    20:08:32.0801 5908 ============================================================
    20:08:37.0638 5908 ================ Scan system memory ========================
    20:08:37.0638 5908 System memory - ok
    20:08:37.0642 5908 ================ Scan services =============================
    20:08:39.0993 5908 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    20:08:40.0017 5908 1394ohci - ok
    20:08:40.0165 5908 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    20:08:40.0168 5908 ACPI - ok
    20:08:40.0270 5908 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    20:08:40.0272 5908 AcpiPmi - ok
    20:08:40.0468 5908 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
    20:08:40.0469 5908 adfs - ok
    20:08:40.0946 5908 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    20:08:40.0947 5908 AdobeARMservice - ok
    20:08:41.0871 5908 [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    20:08:41.0874 5908 AdobeFlashPlayerUpdateSvc - ok
    20:08:42.0640 5908 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    20:08:42.0647 5908 adp94xx - ok
    20:08:42.0766 5908 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    20:08:42.0770 5908 adpahci - ok
    20:08:42.0921 5908 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    20:08:42.0924 5908 adpu320 - ok
    20:08:42.0991 5908 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    20:08:43.0355 5908 AeLookupSvc - ok
    20:08:43.0918 5908 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    20:08:43.0919 5908 AERTFilters - ok
    20:08:44.0464 5908 [ D31DC7A16DEA4A9BAF179F3D6FBDB38C ] AFD C:\Windows\system32\drivers\afd.sys
    20:08:44.0524 5908 AFD - ok
    20:08:44.0795 5908 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    20:08:44.0974 5908 agp440 - ok
    20:08:45.0104 5908 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    20:08:45.0106 5908 ALG - ok
    20:08:45.0250 5908 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    20:08:45.0385 5908 aliide - ok
    20:08:45.0557 5908 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    20:08:45.0644 5908 amdide - ok
    20:08:46.0021 5908 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    20:08:46.0132 5908 AmdK8 - ok
    20:08:46.0190 5908 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    20:08:46.0295 5908 AmdPPM - ok
    20:08:46.0618 5908 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    20:08:46.0955 5908 amdsata - ok
    20:08:47.0118 5908 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    20:08:47.0145 5908 amdsbs - ok
    20:08:47.0226 5908 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    20:08:47.0226 5908 amdxata - ok
    20:08:47.0453 5908 [ 8655A2983A86D6675135B1FF6892055D ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
    20:08:47.0455 5908 ApfiltrService - ok
    20:08:47.0653 5908 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    20:08:47.0655 5908 AppID - ok
    20:08:47.0785 5908 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    20:08:47.0787 5908 AppIDSvc - ok
    20:08:47.0987 5908 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    20:08:47.0989 5908 Appinfo - ok
    20:08:48.0413 5908 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:08:48.0416 5908 Apple Mobile Device - ok
    20:08:48.0614 5908 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    20:08:48.0618 5908 arc - ok
    20:08:48.0681 5908 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    20:08:48.0684 5908 arcsas - ok
    20:08:49.0574 5908 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    20:08:49.0622 5908 aspnet_state - ok
    20:08:49.0682 5908 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    20:08:49.0684 5908 AsyncMac - ok
    20:08:49.0738 5908 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    20:08:49.0738 5908 atapi - ok
    20:08:50.0000 5908 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    20:08:50.0007 5908 AudioEndpointBuilder - ok
    20:08:50.0020 5908 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    20:08:50.0024 5908 AudioSrv - ok
    20:08:50.0173 5908 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    20:08:50.0175 5908 AxInstSV - ok
    20:08:50.0406 5908 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    20:08:50.0412 5908 b06bdrv - ok
    20:08:50.0580 5908 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    20:08:50.0583 5908 b57nd60a - ok
    20:08:51.0403 5908 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    20:08:51.0430 5908 BCM43XX - ok
    20:08:51.0503 5908 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    20:08:51.0505 5908 BDESVC - ok
    20:08:51.0627 5908 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    20:08:51.0629 5908 Beep - ok
    20:08:52.0001 5908 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    20:08:52.0009 5908 BFE - ok
    20:08:52.0305 5908 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
    20:08:52.0315 5908 BITS - ok
    20:08:52.0438 5908 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    20:08:52.0439 5908 blbdrive - ok
    20:08:54.0169 5908 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    20:08:54.0224 5908 Bonjour Service - ok
    20:08:54.0305 5908 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    20:08:54.0350 5908 bowser - ok
    20:08:54.0466 5908 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    20:08:54.0766 5908 BrFiltLo - ok
    20:08:55.0013 5908 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    20:08:55.0015 5908 BrFiltUp - ok
    20:08:56.0078 5908 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    20:08:56.0080 5908 BridgeMP - ok
    20:08:56.0150 5908 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
    20:08:56.0152 5908 Browser - ok
    20:08:56.0248 5908 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    20:08:56.0251 5908 Brserid - ok
    20:08:56.0270 5908 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    20:08:56.0272 5908 BrSerWdm - ok
    20:08:56.0291 5908 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    20:08:56.0293 5908 BrUsbMdm - ok
    20:08:56.0343 5908 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    20:08:56.0345 5908 BrUsbSer - ok
    20:08:56.0378 5908 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    20:08:56.0380 5908 BTHMODEM - ok
    20:08:56.0435 5908 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    20:08:56.0436 5908 bthserv - ok
    20:08:56.0477 5908 catchme - ok
    20:08:56.0576 5908 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    20:08:56.0578 5908 cdfs - ok
    20:08:57.0605 5908 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    20:08:57.0767 5908 cdrom - ok
    20:08:57.0948 5908 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    20:08:58.0000 5908 CertPropSvc - ok
    20:08:58.0134 5908 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    20:08:58.0191 5908 circlass - ok
    20:08:58.0331 5908 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    20:08:58.0335 5908 CLFS - ok
    20:08:58.0594 5908 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    20:08:58.0598 5908 clr_optimization_v2.0.50727_32 - ok
    20:08:58.0799 5908 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    20:08:58.0802 5908 clr_optimization_v2.0.50727_64 - ok
    20:08:59.0023 5908 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    20:08:59.0227 5908 clr_optimization_v4.0.30319_32 - ok
    20:08:59.0283 5908 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    20:08:59.0286 5908 clr_optimization_v4.0.30319_64 - ok
    20:08:59.0416 5908 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    20:08:59.0417 5908 CmBatt - ok
    20:08:59.0464 5908 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    20:08:59.0467 5908 cmdide - ok
    20:08:59.0628 5908 [ D5FEA92400F12412B3922087C09DA6A5 ] CNG C:\Windows\system32\Drivers\cng.sys
    20:08:59.0634 5908 CNG - ok
    20:08:59.0797 5908 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    20:08:59.0797 5908 Compbatt - ok
    20:08:59.0884 5908 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    20:08:59.0886 5908 CompositeBus - ok
    20:08:59.0960 5908 COMSysApp - ok
    20:09:00.0004 5908 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    20:09:00.0033 5908 crcdisk - ok
    20:09:00.0231 5908 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
    20:09:00.0233 5908 CryptSvc - ok
    20:09:00.0375 5908 [ 8BF993C368B07F14BF5788F9CA08972A ] DcomLaunch C:\Windows\system32\rpcss.dll
    20:09:00.0382 5908 DcomLaunch - ok
    20:09:00.0633 5908 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    20:09:00.0637 5908 defragsvc - ok
    20:09:00.0793 5908 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    20:09:00.0797 5908 DfsC - ok
    20:09:01.0004 5908 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    20:09:01.0008 5908 Dhcp - ok
    20:09:01.0076 5908 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    20:09:01.0078 5908 discache - ok
    20:09:01.0342 5908 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    20:09:01.0344 5908 Disk - ok
    20:09:01.0420 5908 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    20:09:01.0423 5908 Dnscache - ok
    20:09:01.0496 5908 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    20:09:01.0499 5908 dot3svc - ok
    20:09:01.0578 5908 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    20:09:01.0580 5908 DPS - ok
    20:09:01.0708 5908 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    20:09:01.0710 5908 drmkaud - ok
    20:09:02.0030 5908 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    20:09:02.0036 5908 DXGKrnl - ok
    20:09:02.0149 5908 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    20:09:02.0151 5908 EapHost - ok
    20:09:03.0693 5908 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    20:09:03.0803 5908 ebdrv - ok
    20:09:03.0908 5908 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
    20:09:03.0910 5908 EFS - ok
    20:09:04.0336 5908 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    20:09:04.0345 5908 ehRecvr - ok
    20:09:04.0397 5908 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    20:09:04.0399 5908 ehSched - ok
    20:09:04.0832 5908 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    20:09:04.0840 5908 elxstor - ok
    20:09:05.0282 5908 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    20:09:05.0307 5908 ErrDev - ok
    20:09:05.0497 5908 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    20:09:05.0503 5908 EventSystem - ok
    20:09:05.0573 5908 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    20:09:05.0576 5908 exfat - ok
    20:09:05.0638 5908 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    20:09:05.0641 5908 fastfat - ok
    20:09:05.0887 5908 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    20:09:05.0896 5908 Fax - ok
    20:09:05.0965 5908 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    20:09:05.0967 5908 fdc - ok
    20:09:06.0031 5908 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    20:09:06.0033 5908 fdPHost - ok
    20:09:06.0114 5908 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    20:09:06.0116 5908 FDResPub - ok
    20:09:06.0152 5908 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    20:09:06.0154 5908 FileInfo - ok
    20:09:06.0185 5908 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    20:09:06.0187 5908 Filetrace - ok
    20:09:06.0995 5908 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    20:09:07.0003 5908 FLEXnet Licensing Service - ok
    20:09:07.0080 5908 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    20:09:07.0083 5908 flpydisk - ok
    20:09:07.0270 5908 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    20:09:07.0274 5908 FltMgr - ok
    20:09:07.0718 5908 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    20:09:07.0731 5908 FontCache - ok
    20:09:07.0872 5908 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    20:09:07.0874 5908 FontCache3.0.0.0 - ok
    20:09:07.0928 5908 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    20:09:07.0929 5908 FsDepends - ok
    20:09:07.0964 5908 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    20:09:07.0964 5908 Fs_Rec - ok
    20:09:10.0077 5908 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    20:09:10.0463 5908 fvevol - ok
    20:09:10.0512 5908 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    20:09:10.0514 5908 gagp30kx - ok
    20:09:10.0762 5908 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    20:09:10.0762 5908 GEARAspiWDM - ok
    20:09:10.0914 5908 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    20:09:11.0048 5908 gpsvc - ok
    20:09:11.0117 5908 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    20:09:11.0119 5908 hcw85cir - ok
    20:09:11.0362 5908 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    20:09:11.0368 5908 HdAudAddService - ok
    20:09:11.0518 5908 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    20:09:11.0520 5908 HDAudBus - ok
    20:09:11.0584 5908 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    20:09:11.0585 5908 HECIx64 - ok
    20:09:11.0620 5908 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    20:09:11.0623 5908 HidBatt - ok
    20:09:11.0653 5908 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    20:09:11.0657 5908 HidBth - ok
    20:09:11.0690 5908 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    20:09:11.0691 5908 HidIr - ok
    20:09:11.0742 5908 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
    20:09:11.0744 5908 hidserv - ok
    20:09:11.0959 5908 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    20:09:11.0961 5908 HidUsb - ok
    20:09:12.0019 5908 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    20:09:12.0022 5908 hkmsvc - ok
    20:09:12.0141 5908 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    20:09:12.0144 5908 HomeGroupListener - ok
    20:09:12.0256 5908 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    20:09:12.0259 5908 HomeGroupProvider - ok
    20:09:12.0320 5908 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    20:09:12.0322 5908 HpSAMD - ok
    20:09:12.0760 5908 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    20:09:12.0809 5908 HTTP - ok
    20:09:12.0913 5908 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    20:09:12.0913 5908 hwpolicy - ok
    20:09:13.0060 5908 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    20:09:13.0062 5908 i8042prt - ok
    20:09:13.0246 5908 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    20:09:13.0251 5908 iaStorV - ok
    20:09:13.0445 5908 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    20:09:13.0472 5908 idsvc - ok
    20:09:15.0633 5908 [ 0372C154226F7074CD150F475A4870A6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    20:09:15.0800 5908 igfx - ok
    20:09:15.0950 5908 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    20:09:15.0952 5908 iirsp - ok
    20:09:16.0164 5908 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    20:09:16.0174 5908 IKEEXT - ok
    20:09:16.0340 5908 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
    20:09:16.0343 5908 Impcd - ok
    20:09:17.0153 5908 [ 697C927E0DE2ABAF1A5F455033F687CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    20:09:17.0337 5908 IntcAzAudAddService - ok
    20:09:17.0477 5908 [ 49072EDBC5C2F964917D1B585C90ED0A ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    20:09:17.0480 5908 IntcDAud - ok
    20:09:17.0561 5908 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    20:09:17.0562 5908 intelide - ok
    20:09:17.0647 5908 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    20:09:17.0655 5908 intelppm - ok
    20:09:17.0700 5908 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    20:09:17.0703 5908 IPBusEnum - ok
    20:09:17.0764 5908 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    20:09:17.0767 5908 IpFilterDriver - ok
    20:09:17.0958 5908 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    20:09:17.0968 5908 iphlpsvc - ok
    20:09:18.0017 5908 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    20:09:18.0019 5908 IPMIDRV - ok
    20:09:18.0057 5908 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    20:09:18.0060 5908 IPNAT - ok
    20:09:18.0414 5908 [ 78486992AC657AE5065C4A2135838570 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    20:09:18.0421 5908 iPod Service - ok
    20:09:18.0476 5908 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    20:09:18.0477 5908 IRENUM - ok
    20:09:18.0511 5908 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    20:09:18.0512 5908 isapnp - ok
    20:09:18.0717 5908 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    20:09:18.0724 5908 iScsiPrt - ok
    20:09:18.0912 5908 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    20:09:18.0913 5908 kbdclass - ok
    20:09:18.0985 5908 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    20:09:18.0987 5908 kbdhid - ok
    20:09:19.0006 5908 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
    20:09:19.0008 5908 KeyIso - ok
    20:09:19.0043 5908 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    20:09:19.0045 5908 KSecDD - ok
    20:09:19.0129 5908 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    20:09:19.0131 5908 KSecPkg - ok
    20:09:19.0160 5908 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    20:09:19.0162 5908 ksthunk - ok
    20:09:19.0235 5908 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    20:09:19.0241 5908 KtmRm - ok
    20:09:19.0340 5908 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
    20:09:19.0344 5908 LanmanServer - ok
    20:09:19.0401 5908 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    20:09:19.0405 5908 LanmanWorkstation - ok
    20:09:19.0500 5908 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    20:09:19.0502 5908 lltdio - ok
    20:09:19.0601 5908 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    20:09:19.0607 5908 lltdsvc - ok
    20:09:19.0632 5908 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    20:09:19.0635 5908 lmhosts - ok
    20:09:19.0783 5908 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    20:09:19.0786 5908 LMS - ok
    20:09:19.0867 5908 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    20:09:19.0869 5908 LSI_FC - ok
    20:09:19.0904 5908 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    20:09:19.0907 5908 LSI_SAS - ok
    20:09:19.0968 5908 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    20:09:19.0970 5908 LSI_SAS2 - ok
    20:09:20.0024 5908 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    20:09:20.0027 5908 LSI_SCSI - ok
    20:09:20.0077 5908 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    20:09:20.0079 5908 luafv - ok
    20:09:20.0314 5908 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    20:09:20.0315 5908 MBAMProtector - ok
    20:09:21.0975 5908 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    20:09:21.0978 5908 MBAMScheduler - ok
    20:09:22.0416 5908 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    20:09:22.0429 5908 MBAMService - ok
    20:09:22.0469 5908 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    20:09:22.0473 5908 Mcx2Svc - ok
    20:09:22.0502 5908 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    20:09:22.0504 5908 megasas - ok
    20:09:22.0533 5908 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    20:09:22.0600 5908 MegaSR - ok
    20:09:23.0145 5908 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    20:09:23.0148 5908 MMCSS - ok
    20:09:23.0176 5908 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    20:09:23.0179 5908 Modem - ok
    20:09:23.0257 5908 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    20:09:23.0258 5908 monitor - ok
    20:09:23.0320 5908 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    20:09:23.0321 5908 mouclass - ok
    20:09:23.0444 5908 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    20:09:23.0445 5908 mouhid - ok
    20:09:23.0475 5908 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    20:09:23.0478 5908 mountmgr - ok
    20:09:23.0671 5908 [ 3B9398E0146855B1DC0E3D9769C80F01 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    20:09:23.0674 5908 MozillaMaintenance - ok
    20:09:23.0761 5908 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    20:09:23.0764 5908 mpio - ok
    20:09:23.0781 5908 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    20:09:23.0783 5908 mpsdrv - ok
    20:09:23.0827 5908 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    20:09:23.0841 5908 MpsSvc - ok
    20:09:23.0954 5908 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    20:09:23.0958 5908 MRxDAV - ok
    20:09:24.0018 5908 [ C2B4651001A867FF3F8865863B592991 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:09:24.0021 5908 mrxsmb - ok
    20:09:24.0104 5908 [ 7E79946AFC5F799AB62982282BE5AC13 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:09:24.0109 5908 mrxsmb10 - ok
    20:09:24.0163 5908 [ 5FB954100CEA2BFEC6446FBBECAA3F79 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:09:24.0165 5908 mrxsmb20 - ok
    20:09:24.0208 5908 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    20:09:24.0209 5908 msahci - ok
    20:09:24.0258 5908 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    20:09:24.0261 5908 msdsm - ok
    20:09:24.0324 5908 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    20:09:24.0327 5908 MSDTC - ok
    20:09:24.0415 5908 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    20:09:24.0417 5908 Msfs - ok
    20:09:24.0464 5908 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    20:09:24.0466 5908 mshidkmdf - ok
    20:09:24.0521 5908 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    20:09:24.0522 5908 msisadrv - ok
    20:09:25.0659 5908 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:09:25.0662 5908 MSiSCSI - ok
    20:09:25.0670 5908 msiserver - ok
    20:09:25.0836 5908 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:09:25.0838 5908 MSKSSRV - ok
    20:09:25.0936 5908 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:09:25.0938 5908 MSPCLOCK - ok
    20:09:25.0999 5908 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:09:26.0001 5908 MSPQM - ok
    20:09:26.0089 5908 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:09:26.0093 5908 MsRPC - ok
    20:09:26.0124 5908 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    20:09:26.0125 5908 mssmbios - ok
    20:09:26.0155 5908 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:09:26.0157 5908 MSTEE - ok
    20:09:26.0172 5908 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    20:09:26.0173 5908 MTConfig - ok
    20:09:26.0195 5908 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    20:09:26.0196 5908 Mup - ok
    20:09:26.0248 5908 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    20:09:26.0257 5908 napagent - ok
    20:09:26.0430 5908 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:09:26.0434 5908 NativeWifiP - ok
    20:09:26.0912 5908 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:09:26.0923 5908 NDIS - ok
    20:09:27.0029 5908 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    20:09:27.0031 5908 NdisCap - ok
    20:09:27.0087 5908 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:09:27.0089 5908 NdisTapi - ok
    20:09:27.0160 5908 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:09:27.0162 5908 Ndisuio - ok
    20:09:27.0245 5908 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    20:09:27.0249 5908 NdisWan - ok
    20:09:27.0277 5908 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    20:09:27.0280 5908 NDProxy - ok
    20:09:27.0308 5908 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    20:09:27.0310 5908 NetBIOS - ok
    20:09:27.0392 5908 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    20:09:27.0396 5908 NetBT - ok
    20:09:27.0417 5908 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
    20:09:27.0419 5908 Netlogon - ok
    20:09:27.0552 5908 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    20:09:27.0556 5908 Netman - ok
    20:09:27.0681 5908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:09:27.0796 5908 NetMsmqActivator - ok
    20:09:27.0826 5908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:09:27.0827 5908 NetPipeActivator - ok
    20:09:27.0921 5908 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    20:09:27.0929 5908 netprofm - ok
    20:09:27.0992 5908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:09:27.0994 5908 NetTcpActivator - ok
    20:09:28.0002 5908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    20:09:28.0004 5908 NetTcpPortSharing - ok
    20:09:28.0052 5908 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    20:09:28.0054 5908 nfrd960 - ok
    20:09:28.0189 5908 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    20:09:28.0194 5908 NlaSvc - ok
    20:09:28.0218 5908 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    20:09:28.0220 5908 Npfs - ok
    20:09:28.0246 5908 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    20:09:28.0249 5908 nsi - ok
    20:09:28.0270 5908 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    20:09:28.0272 5908 nsiproxy - ok
    20:09:28.0992 5908 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    20:09:29.0009 5908 Ntfs - ok
    20:09:29.0038 5908 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    20:09:29.0039 5908 Null - ok
    20:09:29.0109 5908 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    20:09:29.0112 5908 nvraid - ok
    20:09:29.0206 5908 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    20:09:29.0209 5908 nvstor - ok
    20:09:29.0285 5908 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    20:09:29.0287 5908 nv_agp - ok
    20:09:29.0334 5908 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    20:09:29.0337 5908 ohci1394 - ok
    20:09:29.0421 5908 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    20:09:29.0426 5908 p2pimsvc - ok
    20:09:29.0540 5908 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    20:09:29.0546 5908 p2psvc - ok
    20:09:29.0577 5908 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    20:09:29.0579 5908 Parport - ok
    20:09:29.0616 5908 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    20:09:29.0618 5908 partmgr - ok
    20:09:29.0679 5908 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    20:09:29.0683 5908 PcaSvc - ok
    20:09:29.0724 5908 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    20:09:29.0727 5908 pci - ok
    20:09:29.0745 5908 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    20:09:29.0748 5908 pciide - ok
    20:09:29.0796 5908 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    20:09:29.0800 5908 pcmcia - ok
    20:09:29.0820 5908 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    20:09:29.0821 5908 pcw - ok
    20:09:29.0862 5908 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    20:09:29.0870 5908 PEAUTH - ok
    20:09:30.0504 5908 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    20:09:30.0506 5908 PerfHost - ok
    20:09:31.0732 5908 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    20:09:31.0749 5908 pla - ok
    20:09:31.0875 5908 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    20:09:31.0881 5908 PlugPlay - ok
    20:09:31.0920 5908 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    20:09:31.0924 5908 PNRPAutoReg - ok
    20:09:31.0943 5908 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    20:09:31.0947 5908 PNRPsvc - ok
    20:09:32.0099 5908 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    20:09:32.0105 5908 PolicyAgent - ok
    20:09:32.0153 5908 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    20:09:32.0156 5908 Power - ok
    20:09:32.0210 5908 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    20:09:32.0213 5908 PptpMiniport - ok
    20:09:32.0273 5908 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    20:09:32.0275 5908 Processor - ok
    20:09:32.0375 5908 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
    20:09:32.0379 5908 ProfSvc - ok
    20:09:32.0405 5908 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
    20:09:32.0407 5908 ProtectedStorage - ok
    20:09:32.0526 5908 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    20:09:32.0529 5908 Psched - ok
    20:09:33.0004 5908 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    20:09:33.0025 5908 ql2300 - ok
    20:09:33.0068 5908 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    20:09:33.0070 5908 ql40xx - ok
    20:09:33.0127 5908 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    20:09:33.0131 5908 QWAVE - ok
    20:09:33.0144 5908 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    20:09:33.0145 5908 QWAVEdrv - ok
    20:09:33.0174 5908 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    20:09:33.0175 5908 RasAcd - ok
    20:09:33.0251 5908 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    20:09:33.0252 5908 RasAgileVpn - ok
    20:09:33.0272 5908 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    20:09:33.0275 5908 RasAuto - ok
    20:09:33.0340 5908 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    20:09:33.0343 5908 Rasl2tp - ok
    20:09:33.0421 5908 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    20:09:33.0427 5908 RasMan - ok
    20:09:33.0488 5908 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    20:09:33.0490 5908 RasPppoe - ok
    20:09:33.0576 5908 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    20:09:33.0578 5908 RasSstp - ok
    20:09:33.0693 5908 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    20:09:33.0698 5908 rdbss - ok
    20:09:33.0717 5908 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    20:09:33.0719 5908 rdpbus - ok
    20:09:33.0736 5908 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    20:09:33.0737 5908 RDPCDD - ok
    20:09:33.0792 5908 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    20:09:33.0794 5908 RDPENCDD - ok
    20:09:33.0835 5908 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    20:09:33.0837 5908 RDPREFMP - ok
    20:09:33.0908 5908 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    20:09:33.0912 5908 RDPWD - ok
    20:09:33.0988 5908 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    20:09:33.0991 5908 rdyboost - ok
    20:09:34.0020 5908 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    20:09:34.0024 5908 RemoteAccess - ok
    20:09:34.0124 5908 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    20:09:34.0130 5908 RemoteRegistry - ok
    20:09:34.0208 5908 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    20:09:34.0212 5908 RpcEptMapper - ok
    20:09:34.0245 5908 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    20:09:34.0249 5908 RpcLocator - ok
    20:09:34.0307 5908 [ 8BF993C368B07F14BF5788F9CA08972A ] RpcSs C:\Windows\system32\rpcss.dll
    20:09:34.0313 5908 RpcSs - ok
    20:09:34.0374 5908 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    20:09:34.0377 5908 rspndr - ok
    20:09:34.0510 5908 [ 502B316947EA887CDDD325D4745EB7D0 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    20:09:34.0514 5908 RSUSBSTOR - ok
    20:09:34.0801 5908 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    20:09:34.0804 5908 RTL8167 - ok
    20:09:34.0836 5908 RtsUIR - ok
    20:09:34.0894 5908 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
    20:09:34.0896 5908 SamSs - ok
    20:09:34.0962 5908 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    20:09:34.0964 5908 sbp2port - ok
    20:09:35.0009 5908 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    20:09:35.0014 5908 SCardSvr - ok
    20:09:35.0058 5908 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    20:09:35.0060 5908 scfilter - ok
    20:09:35.0117 5908 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    20:09:35.0131 5908 Schedule - ok
    20:09:35.0190 5908 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    20:09:35.0191 5908 SCPolicySvc - ok
    20:09:35.0265 5908 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    20:09:35.0275 5908 SDRSVC - ok
    20:09:35.0428 5908 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    20:09:35.0429 5908 secdrv - ok
    20:09:35.0459 5908 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    20:09:35.0462 5908 seclogon - ok
    20:09:35.0487 5908 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
    20:09:35.0490 5908 SENS - ok
    20:09:35.0544 5908 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    20:09:35.0547 5908 SensrSvc - ok
    20:09:35.0564 5908 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    20:09:35.0566 5908 Serenum - ok
    20:09:35.0613 5908 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    20:09:35.0616 5908 Serial - ok
    20:09:35.0684 5908 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    20:09:35.0686 5908 sermouse - ok
    20:09:35.0726 5908 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    20:09:35.0730 5908 SessionEnv - ok
    20:09:35.0776 5908 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    20:09:35.0778 5908 sffdisk - ok
    20:09:35.0815 5908 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    20:09:35.0817 5908 sffp_mmc - ok
    20:09:35.0844 5908 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    20:09:35.0845 5908 sffp_sd - ok
    20:09:35.0873 5908 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    20:09:35.0875 5908 sfloppy - ok
    20:09:36.0050 5908 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    20:09:36.0057 5908 SharedAccess - ok
    20:09:36.0108 5908 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    20:09:36.0114 5908 ShellHWDetection - ok
    20:09:36.0130 5908 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    20:09:36.0132 5908 SiSRaid2 - ok
    20:09:36.0165 5908 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    20:09:36.0190 5908 SiSRaid4 - ok
    20:09:36.0250 5908 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    20:09:36.0253 5908 Smb - ok
    20:09:36.0358 5908 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    20:09:36.0360 5908 SNMPTRAP - ok
    20:09:36.0406 5908 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    20:09:36.0407 5908 spldr - ok
    20:09:36.0472 5908 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    20:09:36.0481 5908 Spooler - ok
    20:09:38.0138 5908 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    20:09:38.0225 5908 sppsvc - ok
    20:09:38.0253 5908 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    20:09:38.0257 5908 sppuinotify - ok
    20:09:38.0392 5908 [ 65BBF4920148C2EE279055DA7228FC7B ] srv C:\Windows\system32\DRIVERS\srv.sys
    20:09:38.0398 5908 srv - ok
    20:09:38.0548 5908 [ DA939F762A1CCC2D77428621DDBD40A7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    20:09:38.0604 5908 srv2 - ok
    20:09:39.0520 5908 [ 3F847C9DC87299516F7DC82FB6572865 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    20:09:39.0522 5908 srvnet - ok
    20:09:39.0631 5908 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    20:09:39.0637 5908 SSDPSRV - ok
    20:09:39.0668 5908 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    20:09:39.0671 5908 SstpSvc - ok
    20:09:39.0758 5908 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    20:09:39.0760 5908 stexstor - ok
    20:09:39.0835 5908 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    20:09:39.0843 5908 stisvc - ok
    20:09:39.0898 5908 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    20:09:39.0899 5908 swenum - ok
    20:09:40.0284 5908 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    20:09:40.0290 5908 SwitchBoard - ok
    20:09:40.0341 5908 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    20:09:40.0350 5908 swprv - ok
    20:09:41.0173 5908 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    20:09:41.0194 5908 SysMain - ok
    20:09:41.0231 5908 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    20:09:41.0234 5908 TabletInputService - ok
    20:09:41.0329 5908 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    20:09:41.0335 5908 TapiSrv - ok
    20:09:41.0365 5908 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    20:09:41.0377 5908 TBS - ok
    20:09:41.0551 5908 [ 509383E505C973ED7534A06B3D19688D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    20:09:41.0572 5908 Tcpip - ok
    20:09:41.0654 5908 [ 509383E505C973ED7534A06B3D19688D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    20:09:41.0675 5908 TCPIP6 - ok
    20:09:41.0738 5908 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    20:09:41.0739 5908 tcpipreg - ok
    20:09:41.0821 5908 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    20:09:41.0823 5908 TDPIPE - ok
    20:09:41.0857 5908 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    20:09:41.0858 5908 TDTCP - ok
    20:09:41.0907 5908 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    20:09:41.0910 5908 tdx - ok
    20:09:41.0941 5908 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    20:09:41.0942 5908 TermDD - ok
    20:09:42.0114 5908 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    20:09:42.0123 5908 TermService - ok
    20:09:42.0172 5908 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    20:09:42.0176 5908 Themes - ok
    20:09:42.0199 5908 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    20:09:42.0201 5908 THREADORDER - ok
    20:09:42.0238 5908 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    20:09:42.0242 5908 TrkWks - ok
    20:09:42.0304 5908 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    20:09:42.0307 5908 TrustedInstaller - ok
    20:09:42.0331 5908 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:09:42.0333 5908 tssecsrv - ok
    20:09:42.0409 5908 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    20:09:42.0413 5908 TsUsbFlt - ok
    20:09:42.0524 5908 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    20:09:42.0528 5908 tunnel - ok
    20:09:42.0857 5908 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    20:09:42.0859 5908 uagp35 - ok
    20:09:43.0118 5908 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    20:09:43.0184 5908 udfs - ok
    20:09:43.0230 5908 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    20:09:43.0233 5908 UI0Detect - ok
    20:09:43.0300 5908 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    20:09:43.0301 5908 uliagpkx - ok
    20:09:43.0363 5908 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    20:09:43.0365 5908 umbus - ok
    20:09:43.0425 5908 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    20:09:43.0428 5908 UmPass - ok
    20:09:43.0989 5908 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    20:09:44.0477 5908 UNS - ok
    20:09:44.0513 5908 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    20:09:44.0520 5908 upnphost - ok
    20:09:45.0048 5908 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    20:09:45.0050 5908 USBAAPL64 - ok
    20:09:45.0106 5908 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    20:09:45.0108 5908 usbccgp - ok
    20:09:45.0161 5908 USBCCID - ok
    20:09:45.0265 5908 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    20:09:45.0268 5908 usbcir - ok
    20:09:45.0297 5908 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    20:09:45.0315 5908 usbehci - ok
    20:09:45.0362 5908 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
    20:09:45.0368 5908 usbhub - ok
    20:09:45.0461 5908 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    20:09:45.0464 5908 usbohci - ok
    20:09:45.0487 5908 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    20:09:45.0489 5908 usbprint - ok
    20:09:45.0511 5908 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:09:45.0513 5908 USBSTOR - ok
    20:09:45.0527 5908 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    20:09:45.0529 5908 usbuhci - ok
    20:09:45.0615 5908 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    20:09:45.0618 5908 usbvideo - ok
    20:09:45.0646 5908 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    20:09:45.0650 5908 UxSms - ok
    20:09:45.0671 5908 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
    20:09:45.0673 5908 VaultSvc - ok
    20:09:45.0718 5908 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    20:09:45.0719 5908 vdrvroot - ok
    20:09:45.0827 5908 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    20:09:45.0835 5908 vds - ok
    20:09:45.0873 5908 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    20:09:45.0875 5908 vga - ok
    20:09:45.0899 5908 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    20:09:45.0901 5908 VgaSave - ok
    20:09:45.0959 5908 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    20:09:45.0963 5908 vhdmp - ok
    20:09:46.0020 5908 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    20:09:46.0022 5908 viaide - ok
    20:09:46.0057 5908 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    20:09:46.0085 5908 volmgr - ok
    20:09:46.0182 5908 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    20:09:46.0187 5908 volmgrx - ok
    20:09:46.0245 5908 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    20:09:46.0250 5908 volsnap - ok
    20:09:46.0334 5908 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    20:09:46.0337 5908 vsmraid - ok
    20:09:47.0260 5908 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    20:09:47.0315 5908 VSS - ok
    20:09:47.0388 5908 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    20:09:47.0390 5908 vwifibus - ok
    20:09:47.0483 5908 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    20:09:47.0485 5908 vwififlt - ok
    20:09:47.0569 5908 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    20:09:47.0570 5908 vwifimp - ok
    20:09:47.0663 5908 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    20:09:47.0670 5908 W32Time - ok
    20:09:47.0723 5908 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    20:09:47.0725 5908 WacomPen - ok
    20:09:47.0866 5908 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    20:09:47.0868 5908 WANARP - ok
    20:09:47.0899 5908 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    20:09:47.0900 5908 Wanarpv6 - ok
    20:09:48.0104 5908 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    20:09:48.0119 5908 WatAdminSvc - ok
    20:09:48.0429 5908 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    20:09:48.0449 5908 wbengine - ok
    20:09:48.0521 5908 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    20:09:48.0526 5908 WbioSrvc - ok
    20:09:48.0884 5908 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    20:09:48.0890 5908 wcncsvc - ok
    20:09:48.0908 5908 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    20:09:48.0912 5908 WcsPlugInService - ok
    20:09:48.0966 5908 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    20:09:48.0968 5908 Wd - ok
    20:09:49.0044 5908 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
    20:09:49.0047 5908 WDC_SAM - ok
    20:09:49.0124 5908 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    20:09:49.0132 5908 Wdf01000 - ok
    20:09:49.0151 5908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    20:09:49.0155 5908 WdiServiceHost - ok
    20:09:49.0160 5908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    20:09:49.0163 5908 WdiSystemHost - ok
    20:09:49.0206 5908 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    20:09:49.0211 5908 WebClient - ok
    20:09:49.0292 5908 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    20:09:49.0296 5908 Wecsvc - ok
    20:09:49.0321 5908 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    20:09:49.0324 5908 wercplsupport - ok
    20:09:49.0384 5908 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    20:09:49.0388 5908 WerSvc - ok
    20:09:49.0442 5908 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    20:09:49.0444 5908 WfpLwf - ok
    20:09:49.0475 5908 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    20:09:49.0476 5908 WIMMount - ok
    20:09:49.0495 5908 WinDefend - ok
    20:09:49.0506 5908 WinHttpAutoProxySvc - ok
    20:09:49.0770 5908 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    20:09:49.0773 5908 Winmgmt - ok
    20:09:50.0157 5908 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    20:09:50.0183 5908 WinRM - ok
    20:09:50.0290 5908 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    20:09:50.0292 5908 WinUsb - ok
    20:09:50.0423 5908 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    20:09:50.0437 5908 Wlansvc - ok
    20:09:51.0131 5908 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    20:09:51.0215 5908 wlidsvc - ok
    20:09:51.0282 5908 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    20:09:51.0284 5908 WmiAcpi - ok
    20:09:51.0407 5908 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    20:09:51.0410 5908 wmiApSrv - ok
    20:09:51.0441 5908 WMPNetworkSvc - ok
    20:09:51.0466 5908 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    20:09:51.0470 5908 WPCSvc - ok
    20:09:51.0505 5908 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    20:09:51.0510 5908 WPDBusEnum - ok
    20:09:51.0555 5908 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    20:09:51.0558 5908 ws2ifsl - ok
    20:09:51.0574 5908 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
    20:09:51.0580 5908 wscsvc - ok
    20:09:51.0587 5908 WSearch - ok
    20:09:51.0742 5908 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll
    20:09:51.0796 5908 wuauserv - ok
    20:09:51.0917 5908 wucawxll - ok
    20:09:51.0943 5908 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    20:09:51.0946 5908 WudfPf - ok
    20:09:52.0087 5908 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:09:52.0090 5908 WUDFRd - ok
    20:09:52.0140 5908 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    20:09:52.0143 5908 wudfsvc - ok
    20:09:52.0202 5908 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    20:09:52.0207 5908 WwanSvc - ok
    20:09:52.0272 5908 ================ Scan global ===============================
    20:09:52.0334 5908 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    20:09:52.0417 5908 [ 15822E7206C7A0A893395CB07A63C7E1 ] C:\Windows\system32\winsrv.dll
    20:09:52.0429 5908 [ 15822E7206C7A0A893395CB07A63C7E1 ] C:\Windows\system32\winsrv.dll
    20:09:52.0473 5908 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    20:09:52.0555 5908 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    20:09:52.0562 5908 [Global] - ok
    20:09:52.0563 5908 ================ Scan MBR ==================================
    20:09:52.0591 5908 [ C0DCF0AC171DB02DB8B0014C5D767CF1 ] \Device\Harddisk0\DR0
    20:09:52.0591 5908 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    20:09:52.0659 5908 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    20:09:52.0659 5908 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    20:09:53.0041 5908 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    20:09:53.0041 5908 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    20:09:53.0053 5908 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
    20:09:53.0307 5908 \Device\Harddisk1\DR1 - ok
    20:09:53.0307 5908 ================ Scan VBR ==================================
    20:09:53.0359 5908 [ 7CC836EF678E71317EDA437382735D0E ] \Device\Harddisk0\DR0\Partition1
    20:09:53.0362 5908 \Device\Harddisk0\DR0\Partition1 - ok
    20:09:53.0389 5908 [ A998D5EFFFB6091EA10090354837F6D0 ] \Device\Harddisk0\DR0\Partition2
    20:09:53.0393 5908 \Device\Harddisk0\DR0\Partition2 - ok
    20:09:53.0399 5908 [ E3C5EEA8BF78E727CBAC6E51C0E3EC8D ] \Device\Harddisk1\DR1\Partition1
    20:09:53.0401 5908 \Device\Harddisk1\DR1\Partition1 - ok
    20:09:53.0403 5908 ============================================================
    20:09:53.0403 5908 Scan finished
    20:09:53.0403 5908 ============================================================
    20:09:53.0418 5900 Detected object count: 2
    20:09:53.0418 5900 Actual detected object count: 2
    20:10:47.0967 5900 \Device\Harddisk0\DR0\# - copied to quarantine
    20:10:48.0012 5900 \Device\Harddisk0\DR0 - copied to quarantine
    20:10:48.0353 5900 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    20:10:48.0356 5900 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    20:10:48.0360 5900 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
    20:10:48.0396 5900 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    20:10:48.0405 5900 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    20:10:48.0418 5900 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    20:10:48.0420 5900 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    20:10:48.0423 5900 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    20:10:48.0426 5900 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    20:10:48.0428 5900 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    20:10:48.0430 5900 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    20:10:48.0431 5900 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    20:10:48.0465 5900 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    20:10:48.0466 5900 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    20:10:49.0098 5900 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    20:10:49.0236 5900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    20:10:49.0238 5900 \Device\Harddisk0\DR0 - ok
    20:10:49.0244 5900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    20:10:49.0245 5900 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    20:10:49.0245 5900 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    20:11:11.0867 5588 Deinitialize success

    RogueKiller

    RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Remove -- Date : 01/06/2014 19:22:47
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 3 ¤¤¤
    [SVCHOST] svchost.exe -- C:\Windows\\svchost.exe [7] -> KILLED [TermProc]
    [SUSP PATH][DLL] rundll32.exe -- C:\Users\Owner\AppData\Roaming\newnext.me\nengine.dll [-] -> rundll32.exe KILLED [TermProc]
    [HJNAME] conhost.exe -- C:\Program Files (x86)\Mobogenie\mgusb.exe [7] -> KILLED [TermThr]

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : AIM for Windows ("C:\Users\Owner\AppData\Local\AOL\AIM\aim.exe" [x]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : NextLive (C:\Windows\SysWOW64\rundll32.exe "C:\Users\Owner\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l [7][-][x]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : Del2969323 (cmd.exe /Q /D /c del "C:\Users\Owner\AppData\Local\Temp\0.del" [x][x]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\RunOnce : Del3003627 (cmd.exe /Q /D /c del "C:\Users\Owner\AppData\Local\Temp\0.del" [x][x]) -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Del2969323 (cmd.exe /Q /D /c del "C:\Users\Owner\AppData\Local\Temp\0.del" [x][x]) -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Del3003627 (cmd.exe /Q /D /c del "C:\Users\Owner\AppData\Local\Temp\0.del" [x][x]) -> DELETED
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 5 ¤¤¤
    [V1][SUSP PATH] Digital Sites.job : C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED
    [V1][SUSP PATH] MySearchDial.job : C:\Users\Owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED
    [V2][SUSP PATH] Digital Sites : C:\Users\Owner\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED
    [V2][SUSP PATH] MySearchDial : C:\Users\Owner\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> DELETED
    [V2][SUSP PATH] winupd : C:\Users\Owner\AppData\Local\Temp:winupd.exe [x] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000BPVT-00HXZT1 ATA Device +++++
    --- User ---
    [MBR] eb842ba86dae7cfd19f7ea49cdeb77c9
    [BSP] b8b29a145dfdfb90d7960fdcd9c1568f : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 5229a90ed5a4a96e639e7254c141184e
    [BSP] cf34a7bcaed8001a0aaa9ce81e7dd8c0 : PiHar MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Generic- Multi-Card USB Device +++++
    --- User ---
    [MBR] b07927c6b904ea2d7d8dc9b2acf6092f
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 249 | Size: 968 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )

    Finished : << RKreport[0]_D_01062014_192247.txt >>
    RKreport[0]_S_01062014_191946.txt


    RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Owner [Admin rights]
    Mode : Shortcuts HJfix -- Date : 01/06/2014 19:23:12
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 3 ¤¤¤
    [SVCHOST] svchost.exe -- C:\Windows\\svchost.exe [7] -> KILLED [TermProc]
    [SUSP PATH][DLL] rundll32.exe -- C:\Users\Owner\AppData\Roaming\newnext.me\nengine.dll [-] -> rundll32.exe KILLED [TermProc]
    [HJNAME] conhost.exe -- C:\Program Files (x86)\Mobogenie\mgusb.exe [7] -> KILLED [TermThr]

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 1 / Fail 0
    Quick launch: Success 0 / Fail 0
    Programs: Success 0 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 0 / Fail 0
    My documents: Success 1 / Fail 1
    My favorites: Success 4 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 2 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 7 / Fail 13
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [E:] \Device\HarddiskVolume3 -- 0x2 --> Restored

    ¤¤¤ Infection : Root.MBR ¤¤¤

    Finished : << RKreport[0]_SC_01062014_192312.txt >>
    RKreport[0]_D_01062014_192247.txt;RKreport[0]_S_01062014_191946.txt

    Malwarebytes


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.01.06.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Owner :: OWNER-PC [administrator]

    1/6/2014 7:49:58 PM
    mbam-log-2014-01-06 (19-49-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 235003
    Time elapsed: 11 minute(s), 28 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3568 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 13
    HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{f325945d-dafe-4312-95d8-1913aeb1d810} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully.
    HKCR\Interface\{4318395F-DFF1-48AF-B5F0-958E93D16D56} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DB9FDFE-B718-4962-BE0C-0A5FCE7F7F7B} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully.
    HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites (PUP.Optional.Updater) -> Quarantined and deleted successfully.
    HKCU\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\Update Jump Flip (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.
    HKLM\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0H1L1J1L1S1R1N -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&...FtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&...FtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 3
    C:\Users\Owner\AppData\Roaming\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

    Files Detected: 11
    C:\Users\Owner\AppData\Local\Temp\is1590112554\2936107_stp\JumpFlipSetup.exe (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Local\Temp\nfzqhoqi.tmp\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
    C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZU8GIVXL\Setup[1].exe (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
    C:\Users\Owner\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

    (end)


    ESET

    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\8997.tmp.vir Win64/Olmarik.AD trojan
    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\89A8.tmp.vir Win64/Olmarik.AD trojan
    C:\TDSSKiller_Quarantine\06.01.2014_20.08.05\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AYI trojan
    C:\TDSSKiller_Quarantine\06.01.2014_20.08.05\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan
    C:\TDSSKiller_Quarantine\06.01.2014_20.08.05\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYG trojan
    C:\TDSSKiller_Quarantine\06.01.2014_20.08.05\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.JG trojan
    C:\TDSSKiller_Quarantine\06.01.2014_20.08.05\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AC trojan
    C:\TDSSKiller_Quarantine\06.01.2014_20.08.05\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AWO trojan
    C:\TDSSKiller_Quarantine\06.01.2014_20.08.05\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.X trojan
    C:\TDSSKiller_Quarantine\06.01.2014_20.08.05\mbr0000\tdlfs0000\tsk0014.dta Win32/Olmarik.AYI trojan
    C:\Users\Owner\AppData\Local\Temp\162849.Uninstall\uninstaller.exe Win32/InstallCore.AZ application
    C:\Users\Owner\AppData\Local\Temp\is1590112554\2936170_stp\uninstaller.exe Win32/InstallCore.AZ application
    C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4fd08551-782eec20 a variant of Java/Exploit.Blacole.AF trojan
    C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\504e4dd6-7e2cc5f1 a variant of Java/TrojanDownloader.Agent.NDJ trojan
    C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\26ac7ea2-56bf30f1 multiple threats
    C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\4d809ea6-64ca2622 multiple threats
    C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\1290de77-454c7005 Java/Exploit.CVE-2011-3544.F trojan
    C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe Win32/InstallCore.AZ application
    C:\Users\Owner\Desktop\RK_Quarantine\PhysicalDrive0_LL2.dat Win32/Olmarik.AXY trojan
    C:\Users\Owner\Documents\Adobe Photoshop, Illustrator and Dreamweaver CS4 + Crack [Working]\Crack\Activation Blocker.cmd BAT/HostsChanger.A application
     
  2. supergirlacd

    supergirlacd Thread Starter

    Joined:
    Jan 7, 2014
    Messages:
    12
    OTL and EXTRAS


    OTL logfile created on: 1/7/2014 6:49:35 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 51.00% Memory free
    7.60 Gb Paging File | 5.55 Gb Available in Paging File | 73.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.65 Gb Total Space | 375.95 Gb Free Space | 80.74% Space Free | Partition Type: NTFS
    Drive E: | 968.25 Mb Total Space | 686.34 Mb Free Space | 70.88% Space Free | Partition Type: FAT

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/06 22:59:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
    PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/02/12 20:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2012/04/25 09:36:36 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
    PRC - [2012/04/24 19:18:16 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
    PRC - [2009/09/30 19:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 19:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/12 19:13:16 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
    MOD - [2013/02/12 20:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2013/02/12 20:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/04/24 19:18:24 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
    MOD - [2012/04/24 19:18:06 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV - [2013/12/19 19:15:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/12 19:13:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/04/06 22:09:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/09/30 19:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/09/30 19:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 AA F8 A4 9E ED CB 01 [binary data]
    IE - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=
    IE - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/06/04 20:25:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/19 19:15:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/19 19:15:05 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/19 19:15:00 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/19 19:15:05 | 000,000,000 | ---D | M]

    [2012/02/09 21:19:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2014/01/06 19:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vlg9bt9o.default\extensions
    [2014/01/06 19:11:59 | 000,000,000 | ---D | M] ("MySearchDial NewTab") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vlg9bt9o.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
    [2014/01/06 19:12:05 | 000,002,397 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vlg9bt9o.default\searchplugins\Mysearchdial.xml
    [2013/12/19 19:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/12/19 19:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/12/19 19:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/12/19 19:15:11 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2011/07/11 15:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2014/01/01 21:16:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
    O7 - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
    O7 - HKU\S-1-5-21-698050390-2912610609-1931120514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D0321DA-0583-4DCE-8A3E-CC6DEC249C2F}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D72CCE85-6F81-46EA-A0AD-1F3705C09692}: DhcpNameServer = 208.180.42.68 208.180.42.100
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/06 20:10:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2014/01/06 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
    [2014/01/06 19:13:40 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
    [2014/01/06 19:12:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\.android
    [2014/01/06 19:12:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\cache
    [2014/01/06 19:12:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\genienext
    [2014/01/06 19:12:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Mobogenie
    [2014/01/06 19:12:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mobogenie
    [2014/01/06 19:11:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
    [2014/01/06 19:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
    [2014/01/06 19:11:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B
    [2014/01/06 19:10:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DigitalSites
    [2014/01/01 21:29:39 | 000,000,000 | --SD | C] -- C:\$RECYCLE.BIN
    [2014/01/01 20:59:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/01/01 20:59:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/01/01 20:59:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/01/01 20:58:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/01/01 20:58:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/12/19 19:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

    ========== Files - Modified Within 30 Days ==========

    [2014/01/07 18:34:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/07 18:34:44 | 3061,215,232 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/06 23:13:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/01/06 19:34:23 | 370,646,036 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/12/30 20:08:46 | 000,120,190 | ---- | M] () -- C:\Users\Owner\Desktop\temp131215-dallas-cowboys-packers-25--nfl_mezz_1280_1024.jpg
    [2013/12/30 20:08:19 | 000,097,870 | ---- | M] () -- C:\Users\Owner\Desktop\temp131229-packers-bears-005--nfl_mezz_1280_1024.jpg

    ========== Files Created - No Company Name ==========

    [2014/01/01 20:59:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/01/01 20:59:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/01/01 20:59:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/01/01 20:59:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/01/01 20:59:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/12/30 20:08:46 | 000,120,190 | ---- | C] () -- C:\Users\Owner\Desktop\temp131215-dallas-cowboys-packers-25--nfl_mezz_1280_1024.jpg
    [2013/12/30 20:08:17 | 000,097,870 | ---- | C] () -- C:\Users\Owner\Desktop\temp131229-packers-bears-005--nfl_mezz_1280_1024.jpg
    [2013/06/04 20:36:28 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2013/06/04 20:36:28 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2012/02/13 20:55:09 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2012/02/13 20:55:09 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2012/02/13 20:55:08 | 000,050,028 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2012/02/13 20:55:04 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2012/02/13 20:55:01 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2012/02/10 22:36:38 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~tE3KaHfJMHPU8c
    [2012/02/10 22:36:38 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~tE3KaHfJMHPU8cr
    [2012/02/10 22:36:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\tE3KaHfJMHPU8c
    [2012/02/09 20:52:19 | 000,000,304 | -H-- | C] () -- C:\ProgramData\~4jm3e4vKb00Nvg
    [2012/02/09 20:52:19 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~4jm3e4vKb00Nvgr
    [2012/02/09 20:48:50 | 000,000,416 | -H-- | C] () -- C:\ProgramData\4jm3e4vKb00Nvg
    [2012/01/15 22:38:05 | 000,008,722 | -H-- | C] () -- C:\ProgramData\fe9788d0
    [2012/01/15 22:38:05 | 000,008,710 | -H-- | C] () -- C:\Users\Owner\AppData\Local\b0b71fae
    [2011/12/28 16:46:36 | 000,003,584 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/27 21:26:36 | 000,013,558 | -HS- | C] () -- C:\Users\Owner\AppData\Local\1oe0qqw8513nf43n4ln4wd23l210o13jt767i7vd7
    [2011/12/27 21:26:36 | 000,013,558 | -HS- | C] () -- C:\ProgramData\1oe0qqw8513nf43n4ln4wd23l210o13jt767i7vd7
    [2011/04/24 20:38:09 | 000,001,456 | -H-- | C] () -- C:\Users\Owner\AppData\Local\Adobe Save for Web 12.0 Prefs

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 07:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 06:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2014/01/06 19:11:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B
    [2012/02/12 20:57:37 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\14055
    [2012/02/12 20:57:37 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\4A314
    [2011/05/20 09:38:30 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/03/30 21:12:43 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\cYo
    [2014/01/06 20:02:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DigitalSites
    [2012/02/12 20:58:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
    [2011/06/19 19:09:34 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Jasc
    [2012/04/22 21:15:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PC Cleaners
    [2012/04/22 21:15:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCPro
    [2011/04/24 19:54:51 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Publish Providers
    [2013/04/21 17:15:55 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Sony
    [2011/06/07 23:21:34 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Sony Creative Software Inc
    [2013/12/31 21:51:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
    [2011/04/12 22:11:58 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/03/29 20:01:25 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    [2013/06/06 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unity
    [2013/07/28 20:41:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
    [2012/02/12 20:58:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\XnView

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
    [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2009/08/03 00:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2009/10/31 00:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
    [2009/10/31 00:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2009/08/03 00:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: SERVICES.EXE >
    [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
    [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 19:14:45 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=2CEFF13ACE25A40BD8D97654944297CD -- C:\Windows\svchost.exe
    [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
    [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
    [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
    [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
    [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
    [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
    [2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009/10/28 01:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/10/28 00:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /rp /s >

    < %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD5000BPVT-00HXZT1 ATA Device
    Partitions: 2
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
    Interface type: USB
    Media Type: Removable Media
    Model: Generic- Multi-Card USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 466.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #0
    PartitionType: MS-DOS V4 Huge
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 969.00MB
    Starting Offset: 127488
    Hidden sectors: 0


    < End of report >


    OTL Extras logfile created on: 1/7/2014 6:49:35 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 51.00% Memory free
    7.60 Gb Paging File | 5.55 Gb Available in Paging File | 73.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.65 Gb Total Space | 375.95 Gb Free Space | 80.74% Space Free | Partition Type: NTFS
    Drive E: | 968.25 Mb Total Space | 686.34 Mb Free Space | 70.88% Space Free | Partition Type: FAT

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-698050390-2912610609-1931120514-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "H:\Winamp\winamp.exe" /BOOKMARK "%1"
    Directory [Winamp.Enqueue] -- "H:\Winamp\winamp.exe" /ADD "%1"
    Directory [Winamp.Play] -- "H:\Winamp\winamp.exe" "%1"
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A5FC20F-5AD3-413B-B7E6-866FC85F68DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0D63FF89-850A-4C60-8E09-A89DD03BD0EF}" = rport=137 | protocol=17 | dir=out | app=system |
    "{1269EB9C-16C9-4D52-95BB-C8719A12EE79}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{19147718-BB59-4D31-A778-C85ECF5826FC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{2979294F-2387-4DC2-99C5-A2CDDD9725B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2EE14D51-C08A-4FE7-945C-2C8BA11240C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{6BD54BBC-D1AB-4F33-8CFE-C1C7F42CE678}" = lport=137 | protocol=17 | dir=in | app=system |
    "{6F34AA14-A5FD-4630-AE1D-B04012DA90D2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{77851E85-F5D0-42F9-BA8C-D1701066C738}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7F7086D1-CF9C-4441-827E-5ED9527CAE3C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{8145F115-766D-44DD-8E77-908FEB88774B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{848BD3B9-B4EA-4E6D-AF47-BB54F3DF7138}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{867D80E0-4ED7-4CDD-ABC9-BAECE48356CB}" = rport=445 | protocol=6 | dir=out | app=system |
    "{948C040C-5894-42D0-8241-84E046FCDCDE}" = lport=138 | protocol=17 | dir=in | app=system |
    "{9D713620-6446-47DC-983D-D41A0D1F62B2}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C8904408-F3C0-49A2-A2AB-29E595BDF0D2}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{CC387692-0AAB-47D2-B910-470E4552AC35}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{CF7C70E0-84E5-4DB0-B9B9-357CBE855C6B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D524D96E-2F10-4279-8C14-BDD85D680A2D}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D8672D74-81CF-4ABE-82A6-8408078AF4C1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F8385EF6-3B53-4877-9703-95E358DF41EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{048326A7-8DD6-45EB-BAD1-5A700A361A98}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{07A9D1B4-BFA1-4058-96A8-02BE232B7475}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0F5C8875-098B-4770-8780-B6D474E94DED}" = protocol=1 | dir=out | [email protected],-28544 |
    "{128D3BB8-0096-4A81-8361-7BBBBF706ED3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1D6FD57D-60EE-4B24-850C-A68A8F231920}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{26727CF5-0502-40E6-876F-8CB90F2D2666}" = protocol=58 | dir=in | [email protected],-28545 |
    "{271A1F29-DC07-4EF3-BEE5-C0A71D88E290}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2A384309-F2DA-4484-8388-FDC7F807469E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{30E06A06-8354-43C7-BD23-2B7BABE6C9D9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{5861E248-377E-4594-A7EC-0B467910636D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{627F0F8C-4AD5-46E2-9603-959297BC24D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{673C0409-AFD3-4ED3-8B41-21F71AA3142B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{70682B7F-F02A-4C8F-A92F-4590A1F18674}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7659241C-943F-415B-825B-A5722DA302A9}" = protocol=58 | dir=out | [email protected],-28546 |
    "{7A494B0A-176B-46D4-BA1A-CDAC4A21084A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{7FB37FB4-559C-4D92-836B-7087AA42C47E}" = protocol=1 | dir=in | [email protected],-28543 |
    "{80A2A4F0-96AE-4C04-9558-F3A1987D80C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8C0EC88F-2DE7-4A43-ACC3-6FF0A792A6A4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{95819484-DA00-4367-AF95-E7FB0071792C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{9720C1D7-0D10-48FC-A070-4BF150FD7F81}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9802102C-2B55-4B15-85E2-77D28C2C63A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{99A87796-F8D0-458C-A560-31545AC0AF0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A3CF04B2-B316-40E3-B5DA-1573A2691094}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D5F98D65-9B8F-4F52-9C56-F1AAA99D7EAB}" = protocol=6 | dir=out | app=system |
    "{F6AE5FDB-6D5B-4B09-AA44-B8C7F4638692}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{3699A702-A774-4BCA-A0F7-108C02D56D9C}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "TCP Query User{3BD13A7D-5674-4552-A94A-D6B58A614C13}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{9F45B767-D459-4223-B4FD-8F37B27DA95B}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{B5EB3FB5-6791-4C46-8200-B8B4AF359222}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
    "TCP Query User{C5E5A115-F312-46A9-91D1-D009D337A94D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "TCP Query User{FBA1B4AB-B1C6-4ED1-A6B9-B32A12C88816}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
    "UDP Query User{3BA1B5CE-A696-4827-9970-3E5C999D186A}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{3D883776-8E07-456F-8FB8-F7CDBC1ED466}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{70B268F5-D558-434D-88EF-FDBD3B55B431}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{8ED7C264-6D88-48C0-9510-B0B8AFA06E81}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "UDP Query User{B94ACD6B-9988-4198-A984-38680118E22B}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
    "UDP Query User{DCD20562-7655-4C2A-8842-5FAD0CE2F97B}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
    "{2DCD0543-22F6-4E54-80D3-B4EFB9AC4943}" = TweetDeck
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{40AE01BE-A290-4FFB-8DAB-C624C17DC87E}" = Vegas Movie Studio HD Platinum 10.0
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 TBYB
    "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Dell Webcam Manager" = Dell Webcam Manager
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Basic)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "SoftwareUpdUtility" = Download Updater (AOL Inc.)
    "uTorrent" = µTorrent
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 (32-bit)
    "Xvid Video Codec 1.3.2" = Xvid Video Codec

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-698050390-2912610609-1931120514-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "Spotify" = Spotify
    "UnityWebPlayer" = Unity Web Player
    "Zip Extractor Packages" = Zip Extractor Packages

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/14/2013 7:53:53 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2013 7:53:53 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2013 8:22:51 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2013 8:22:51 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2013 8:22:51 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2013 8:22:51 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2013 8:22:51 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2013 8:22:51 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2013 8:22:51 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 5/14/2013 8:22:51 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ Media Center Events ]
    Error - 6/7/2012 8:06:55 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = 7:06:54 PM - Failed to retrieve SportsSchedule (Error: The underlying
    connection was closed: An unexpected error occurred on a receive.)

    Error - 6/30/2012 11:20:37 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = 10:20:31 AM - Error connecting to the internet. 10:20:31 AM - Unable
    to contact server..

    Error - 6/30/2012 12:20:48 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = 11:20:43 AM - Error connecting to the internet. 11:20:43 AM - Unable
    to contact server..

    Error - 7/4/2013 11:32:01 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = 10:31:51 AM - Error connecting to the internet. 10:31:51 AM - Unable
    to contact server..

    Error - 7/4/2013 12:32:07 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = 11:32:05 AM - Error connecting to the internet. 11:32:05 AM - Unable
    to contact server..

    Error - 11/2/2013 10:12:33 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = 9:12:33 AM - Failed to retrieve Directory (Error: The operation has
    timed out)

    Error - 11/17/2013 11:04:58 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = 9:04:36 PM - Failed to retrieve Directory (Error: Invalid security
    token.)

    Error - 12/10/2013 9:04:25 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = 7:04:24 PM - Failed to retrieve NetTV (Error: The underlying connection
    was closed: An unexpected error occurred on a receive.)

    Error - 12/11/2013 8:08:57 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = 6:08:45 PM - Failed to retrieve SportsV2 (Error: The request was aborted:
    The connection was closed unexpectedly.)

    Error - 12/31/2013 11:45:23 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
    Description = 9:45:16 AM - Error connecting to the internet. 9:45:16 AM - Unable
    to contact server..

    [ System Events ]
    Error - 1/6/2014 9:34:50 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error: %%4203

    Error - 1/6/2014 9:45:27 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
    Description = The Update Jump Flip service failed to start due to the following
    error: %%2

    Error - 1/6/2014 9:45:27 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error: %%4203

    Error - 1/6/2014 10:03:37 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error: %%4203

    Error - 1/6/2014 10:12:18 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error: %%4203

    Error - 1/6/2014 11:14:24 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
    Description = The DCOM Server Process Launcher service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Reboot the machine.

    Error - 1/6/2014 11:14:24 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
    Description = The Plug and Play service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Reboot the machine.

    Error - 1/6/2014 11:14:25 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Reboot
    the machine) after the unexpected termination of the Plug and Play service, but
    this action failed with the following error: %%1190

    Error - 1/6/2014 11:16:24 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error: %%4203

    Error - 1/7/2014 8:35:00 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error: %%4203


    < End of report >

    MiniToolBox


    MiniToolBox by Farbar Version: 18-12-2013
    Ran by Owner (administrator) on 07-01-2014 at 19:11:44
    Running from "C:\Users\Owner\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    ========================= FF Proxy Settings: ==============================

    "network.proxy.type", 0
    ========================= Hosts content: =================================

    127.0.0.1 localhost


    =========================== Installed Programs ============================

    µTorrent (Version: 2.2.0)
    Adobe AIR (Version: 3.1.0.4880)
    Adobe Anchor Service CS4 (Version: 2.0)
    Adobe Bridge CS4 (Version: 3)
    Adobe CMaps CS4 (Version: 2.0)
    Adobe Color EU Extra Settings CS4 (Version: 2.0)
    Adobe Color JA Extra Settings CS4 (Version: 2.0)
    Adobe Color NA Recommended Settings CS4 (Version: 2.0)
    Adobe Community Help (Version: 3.0.0)
    Adobe Community Help (Version: 3.0.0.400)
    Adobe CSI CS4 (Version: 1)
    Adobe CSI CS4 x64 (Version: 1)
    Adobe Default Language CS4 (Version: 2.0)
    Adobe Device Central CS4 (Version: 2)
    Adobe Drive CS4 (Version: 1)
    Adobe Drive CS4 x64 (Version: 1)
    Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
    Adobe Extension Manager CS4 (Version: 2.0)
    Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
    Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
    Adobe Fonts All (Version: 2.0)
    Adobe Illustrator CS4 (Version: 14.0)
    Adobe Linguistics CS4 (Version: 4.0.0)
    Adobe Media Player (Version: 1.8)
    Adobe Output Module (Version: 2.0)
    Adobe PDF Library Files CS4 (Version: 9.0)
    Adobe Photoshop CS5 (Version: 12.0)
    Adobe Reader XI (11.0.05) (Version: 11.0.05)
    Adobe Search for Help (Version: 1.0)
    Adobe Service Manager Extension (Version: 1.0)
    Adobe Setup (Version: 2.0)
    Adobe Type Support CS4 (Version: 9.0)
    Adobe Update Manager CS4 (Version: 6.0.0)
    Adobe WinSoft Linguistics Plugin (Version: 1.1)
    Adobe XMP Panels CS4 (Version: 2.0)
    AdobeColorCommonSetCMYK (Version: 2.0)
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Amazon Kindle
    Apple Application Support (Version: 2.3.4)
    Apple Mobile Device Support (Version: 6.1.0.13)
    Apple Software Update (Version: 2.1.3.127)
    AVS Update Manager 1.0
    AVS Video Converter 8
    AVS4YOU Software Navigator 1.4
    Bonjour (Version: 3.0.0.10)
    ComicRack v0.9.136 (Version: v0.9.136)
    Connect (Version: 1.0.0.1)
    D3DX10 (Version: 15.4.2368.0902)
    Dell Resource CD (Version: 1.00.0000)
    Dell Touchpad (Version: 7.1107.101.104)
    Dell Webcam Manager
    Download Updater (AOL Inc.)
    Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1986)
    Intel(R) Management Engine Components (Version: 6.0.0.1179)
    iTunes (Version: 11.0.5.5)
    Java Auto Updater (Version: 2.0.3.1)
    Java(TM) 6 Update 35 (Version: 6.0.350)
    K-Lite Codec Pack 7.0.0 (Basic) (Version: 7.0.0)
    kuler (Version: 2.0)
    Live! Cam Avatar Creator (Version: 4.6.0817.1)
    Live! Cam Avatar v1.0 (Version: 1.0)
    Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000)
    Microsoft Silverlight (Version: 4.0.60831.0)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
    Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
    Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
    Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
    Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
    Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
    Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
    Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
    Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
    Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
    Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
    Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
    Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
    Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
    Mozilla Maintenance Service (Version: 26.0)
    MSVCRT (Version: 15.4.2862.0708)
    PDF Settings CS4 (Version: 9.0)
    PDF Settings CS5 (Version: 10.0)
    Photoshop Camera Raw (Version: 5.0)
    QuickTime (Version: 7.69.80.9)
    Realtek High Definition Audio Driver (Version: 6.0.1.6039)
    Realtek USB 2.0 Card Reader (Version: 6.1.7100.30098)
    Safari (Version: 5.34.57.2)
    Spotify (Version: 0.9.6.81.gd359a796)
    Suite Shared Configuration CS4 (Version: 1.0)
    TweetDeck (Version: 1.3.0)
    Ulead GIF Animator 5 TBYB
    Unity Web Player (Version: )
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
    Vegas Movie Studio HD Platinum 10.0 (Version: 10.0.179)
    Winamp (Version: 5.621 )
    Windows Live Communications Platform (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3502.0922)
    Windows Live Essentials (Version: 15.4.3508.1109)
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
    Windows Live Installer (Version: 15.4.3502.0922)
    Windows Live Language Selector (Version: 15.4.3508.1109)
    Windows Live Messenger (Version: 15.4.3502.0922)
    Windows Live Photo Common (Version: 15.4.3502.0922)
    Windows Live PIMT Platform (Version: 15.4.3508.1109)
    Windows Live SOXE (Version: 15.4.3502.0922)
    Windows Live SOXE Definitions (Version: 15.4.3502.0922)
    Windows Live UX Platform (Version: 15.4.3502.0922)
    Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
    WinRAR 4.00 (32-bit) (Version: 4.00.0)
    Xvid Video Codec (Version: 1.3.2)
    Zip Extractor Packages

    **** End of log ****

    Farbar Service Scanner

    Farbar Service Scanner Version: 05-12-2013
    Ran by Owner (administrator) on 07-01-2014 at 19:13:00
    Running from "C:\Users\Owner\AppData\Local\Temp\jg2awr2e.tmp"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2011-03-28 19:03] - [2010-11-20 03:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2011-03-28 19:04] - [2010-11-20 07:33] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2011-03-28 19:03] - [2010-11-20 07:27] - 0512512 ____A (Microsoft Corporation) 8BF993C368B07F14BF5788F9CA08972A



    **** End of log ****
     
  3. supergirlacd

    supergirlacd Thread Starter

    Joined:
    Jan 7, 2014
    Messages:
    12
    I should add that the logs are posted in the order in which I ran them.
     
  4. supergirlacd

    supergirlacd Thread Starter

    Joined:
    Jan 7, 2014
    Messages:
    12
    Bump, anyone? I would hate to take it to a specialist for them to charge me an arm and a leg.

    Any suggestions appreciated.
     
  5. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Hi and welcome.

    Please post the C:\Combofix log.

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
     
  6. supergirlacd

    supergirlacd Thread Starter

    Joined:
    Jan 7, 2014
    Messages:
    12
    Sorry for the late response, I came down with the flu over the weekend :(

    Here are the logs.


    ComboFix

    ComboFix 14-01-01.01 - Owner 01/01/2014 21:03:48.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1334 [GMT -6:00]
    Running from: c:\users\Owner\AppData\Local\Temp\8d03sore.tmp\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\END
    c:\program files (x86)\LP
    c:\program files (x86)\LP\B164\30CF.tmp
    c:\program files (x86)\LP\B164\3EC9.tmp
    c:\program files (x86)\LP\B164\567A.tmp
    c:\program files (x86)\LP\B164\8E0D.tmp
    c:\program files (x86)\LP\B164\DB92.tmp
    c:\program files (x86)\LP\B164\DFA8.tmp
    c:\program files (x86)\LP\B164\FA07.tmp
    c:\programdata\Microsoft\Windows\DRM\8997.tmp
    c:\programdata\Microsoft\Windows\DRM\89A8.tmp
    c:\users\Owner\AppData\Roaming\21ac50f1
    c:\windows\svchost.exe
    .
    Infected copy of c:\windows\SysWow64\kernel32.dll was found and disinfected
    Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-02 to 2014-01-02 )))))))))))))))))))))))))))))))
    .
    .
    2014-01-02 03:14 . 2014-01-02 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-18 03:00 . 2011-04-13 02:11 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2013-12-18 03:00 . 2011-04-13 02:11 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2013-12-18 01:59 . 2011-06-12 22:17 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2013-12-14 03:36 . 2011-04-18 01:13 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2013-12-13 01:13 . 2012-07-09 23:03 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-12-13 01:13 . 2011-09-12 00:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-11-10 23:05 . 2011-04-13 02:11 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-11-20 . 8BF993C368B07F14BF5788F9CA08972A . 512512 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AIM for Windows"="c:\users\Owner\AppData\Local\AOL\AIM\aim.exe" [2013-09-09 1074216]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    "DELL Webcam Manager"="c:\program files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R1 wucawxll;wucawxll;c:\windows\system32\drivers\wucawxll.sys;c:\windows\SYSNATIVE\drivers\wucawxll.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-09 01:13]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-02 10038304]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vlg9bt9o.default\
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    AddRemove-Winamp Detect - h:\winamp detect\UninstWaDetect.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\\.\globalroot\systemroot\svchost.exe
    .
    **************************************************************************
    .
    Completion time: 2014-01-01 21:29:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-01-02 03:29
    .
    Pre-Run: 387,535,204,352 bytes free
    Post-Run: 404,806,746,112 bytes free
    .
    - - End Of File - - 303AFC63CB783F6FD79D615322E6DDA0
    A36C5E4F47E84449FF07ED3517B43A31




    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
    Ran by Owner (administrator) on OWNER-PC on 13-01-2014 19:51:23
    Running from C:\Users\Owner\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Creative Technology Ltd.) C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
    (Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Farbar) C:\Users\Owner\Downloads\FRST64-1.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [DELL Webcam Manager] - C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoComputersNearMe] 0
    HKCU\...\Policies\Explorer: [NoNetHood] 0
    HKCU\...\Policies\Explorer: [NoComputersNearMe] 0

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08AAF8A49EEDCB01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vlg9bt9o.default
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-19]
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-04]

    Chrome:
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

    ==================== Services (Whitelisted) =================

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

    ==================== Drivers (Whitelisted) ====================

    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
    S1 wucawxll; \??\C:\Windows\system32\drivers\wucawxll.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-13 19:50 - 2014-01-13 19:51 - 02075648 _____ (Farbar) C:\Users\Owner\Downloads\FRST64-1.exe
    2014-01-13 19:50 - 2014-01-13 19:50 - 01219584 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2014-01-09 18:40 - 2014-01-09 18:40 - 00002975 _____ C:\Users\Owner\Desktop\HiJackThis.lnk
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2014-01-09 18:38 - 2014-01-09 18:38 - 01402880 _____ C:\Users\Owner\Downloads\HiJackThis.msi
    2014-01-09 18:28 - 2014-01-09 18:32 - 00000000 ____D C:\AdwCleaner
    2014-01-09 18:27 - 2014-01-09 18:27 - 01233962 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
    2014-01-09 18:23 - 2014-01-09 18:26 - 00000849 _____ C:\Users\Owner\Downloads\Search.txt
    2014-01-09 18:22 - 2014-01-09 18:22 - 00025753 _____ C:\Users\Owner\Downloads\Addition.txt
    2014-01-09 18:21 - 2014-01-13 19:51 - 00012315 _____ C:\Users\Owner\Downloads\FRST.txt
    2014-01-09 18:20 - 2014-01-09 18:20 - 01931772 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2014-01-09 18:20 - 2014-01-09 18:20 - 00000000 ____D C:\FRST
    2014-01-07 19:08 - 2014-01-07 19:08 - 00057618 _____ C:\Users\Owner\Downloads\Extras.Txt
    2014-01-07 19:06 - 2014-01-07 19:06 - 00075196 _____ C:\Users\Owner\Downloads\OTL.Txt
    2014-01-07 18:56 - 2014-01-07 18:56 - 00760063 _____ (Farbar) C:\Users\Owner\Downloads\MiniToolBox.exe
    2014-01-06 22:59 - 2014-01-06 22:59 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
    2014-01-06 22:58 - 2014-01-06 22:58 - 00002166 _____ C:\Users\Owner\Desktop\eset.txt
    2014-01-06 20:10 - 2014-01-06 20:10 - 00000000 ____D C:\TDSSKiller_Quarantine
    2014-01-06 20:04 - 2009-07-13 19:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\svchost.exe
    2014-01-06 19:34 - 2014-01-06 19:34 - 00277824 _____ C:\Windows\Minidump\010614-39437-01.dmp
    2014-01-06 19:26 - 2014-01-06 19:26 - 00277824 _____ C:\Windows\Minidump\010614-23665-01.dmp
    2014-01-06 19:23 - 2014-01-06 19:23 - 00001560 _____ C:\Users\Owner\Desktop\RKreport[0]_SC_01062014_192312.txt
    2014-01-06 19:22 - 2014-01-06 19:22 - 00004216 _____ C:\Users\Owner\Desktop\RKreport[0]_D_01062014_192247.txt
    2014-01-06 19:19 - 2014-01-06 19:19 - 01924480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00654928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00184960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00042064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00004099 _____ C:\Users\Owner\Desktop\RKreport[0]_S_01062014_191946.txt
    2014-01-06 19:18 - 2014-01-06 19:19 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 02263584 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 01659776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00376192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00344680 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00220672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00152960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00095616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00075136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023152 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:18 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 07770048 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 02769400 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00459248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00304760 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00288640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00233984 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00223248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00151936 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00088632 _____ (Adobe Systems, Inc.) C:\Windows\system32\Drivers\adfs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00056344 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00023104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
    2014-01-06 19:13 - 2014-01-06 19:22 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
    2014-01-06 19:12 - 2014-01-06 19:17 - 00000275 _____ C:\Users\Owner\daemonprocess.txt
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\genienext
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\cache
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\.android
    2014-01-06 19:11 - 2014-01-06 19:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B
    2014-01-06 19:10 - 2014-01-06 20:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DigitalSites
    2014-01-01 20:58 - 2014-01-09 19:07 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 20:58 - 2014-01-09 19:07 - 00000000 ____D C:\Qoobox
    2014-01-01 18:02 - 2014-01-01 18:02 - 00037376 _____ C:\Windows\system32\whfix.mki
    2014-01-01 17:52 - 2014-01-13 19:46 - 00000087 _____ C:\Windows\system32\xcqbnpn.drz
    2014-01-01 17:52 - 2014-01-01 18:02 - 00000097 _____ C:\Windows\system32\aglfxs.toe
    2014-01-01 17:52 - 2014-01-01 17:52 - 00000064 _____ C:\Windows\system32\steqb.wfz
    2014-01-01 17:36 - 2014-01-01 17:36 - 00219314 ____S C:\Windows\system32\pzvxv.vtz
    2013-12-31 10:49 - 2013-12-31 10:49 - 00265480 _____ C:\Windows\Minidump\123113-42276-01.dmp
    2013-12-19 19:14 - 2013-12-19 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-01-13 19:52 - 2014-01-09 18:21 - 00012315 _____ C:\Users\Owner\Downloads\FRST.txt
    2014-01-13 19:51 - 2014-01-13 19:50 - 02075648 _____ (Farbar) C:\Users\Owner\Downloads\FRST64-1.exe
    2014-01-13 19:50 - 2014-01-13 19:50 - 01219584 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2014-01-13 19:46 - 2014-01-01 17:52 - 00000087 _____ C:\Windows\system32\xcqbnpn.drz
    2014-01-13 19:45 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-13 19:45 - 2009-07-13 22:51 - 00083334 _____ C:\Windows\setupact.log
    2014-01-10 20:49 - 2011-03-28 17:21 - 01424704 _____ C:\Windows\WindowsUpdate.log
    2014-01-10 20:39 - 2009-07-13 22:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-10 20:39 - 2009-07-13 22:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-09 19:13 - 2013-04-16 20:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-09 19:07 - 2014-01-01 20:58 - 00000000 ____D C:\Windows\erdnt
    2014-01-09 19:07 - 2014-01-01 20:58 - 00000000 ____D C:\Qoobox
    2014-01-09 18:40 - 2014-01-09 18:40 - 00002975 _____ C:\Users\Owner\Desktop\HiJackThis.lnk
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2014-01-09 18:38 - 2014-01-09 18:38 - 01402880 _____ C:\Users\Owner\Downloads\HiJackThis.msi
    2014-01-09 18:32 - 2014-01-09 18:28 - 00000000 ____D C:\AdwCleaner
    2014-01-09 18:27 - 2014-01-09 18:27 - 01233962 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
    2014-01-09 18:26 - 2014-01-09 18:23 - 00000849 _____ C:\Users\Owner\Downloads\Search.txt
    2014-01-09 18:22 - 2014-01-09 18:22 - 00025753 _____ C:\Users\Owner\Downloads\Addition.txt
    2014-01-09 18:20 - 2014-01-09 18:20 - 01931772 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2014-01-09 18:20 - 2014-01-09 18:20 - 00000000 ____D C:\FRST
    2014-01-07 19:13 - 2013-05-24 00:13 - 00000000 ____D C:\Program Files (x86)\Safari
    2014-01-07 19:08 - 2014-01-07 19:08 - 00057618 _____ C:\Users\Owner\Downloads\Extras.Txt
    2014-01-07 19:06 - 2014-01-07 19:06 - 00075196 _____ C:\Users\Owner\Downloads\OTL.Txt
    2014-01-07 18:56 - 2014-01-07 18:56 - 00760063 _____ (Farbar) C:\Users\Owner\Downloads\MiniToolBox.exe
    2014-01-06 22:59 - 2014-01-06 22:59 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
    2014-01-06 22:58 - 2014-01-06 22:58 - 00002166 _____ C:\Users\Owner\Desktop\eset.txt
    2014-01-06 20:10 - 2014-01-06 20:10 - 00000000 ____D C:\TDSSKiller_Quarantine
    2014-01-06 20:03 - 2011-03-29 18:33 - 00026568 _____ C:\Windows\PFRO.log
    2014-01-06 20:02 - 2014-01-06 19:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DigitalSites
    2014-01-06 19:45 - 2011-12-27 21:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-06 19:34 - 2014-01-06 19:34 - 00277824 _____ C:\Windows\Minidump\010614-39437-01.dmp
    2014-01-06 19:34 - 2012-02-29 20:25 - 370646036 _____ C:\Windows\MEMORY.DMP
    2014-01-06 19:34 - 2012-02-09 20:55 - 00000000 ____D C:\Windows\Minidump
    2014-01-06 19:26 - 2014-01-06 19:26 - 00277824 _____ C:\Windows\Minidump\010614-23665-01.dmp
    2014-01-06 19:23 - 2014-01-06 19:23 - 00001560 _____ C:\Users\Owner\Desktop\RKreport[0]_SC_01062014_192312.txt
    2014-01-06 19:22 - 2014-01-06 19:22 - 00004216 _____ C:\Users\Owner\Desktop\RKreport[0]_D_01062014_192247.txt
    2014-01-06 19:22 - 2014-01-06 19:13 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
    2014-01-06 19:19 - 2014-01-06 19:19 - 01924480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00654928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00184960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00042064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00004099 _____ C:\Users\Owner\Desktop\RKreport[0]_S_01062014_191946.txt
    2014-01-06 19:19 - 2014-01-06 19:18 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 02263584 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 01659776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00376192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00344680 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00220672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00152960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00095616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00075136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023152 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:17 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 07770048 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 02769400 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00459248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00304760 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00288640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00233984 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00223248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00151936 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00088632 _____ (Adobe Systems, Inc.) C:\Windows\system32\Drivers\adfs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00078848 _____ (Microsoft Corporation)
     
  7. supergirlacd

    C:\Windows\system32\Drivers\IPMIDrv.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00056344 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00023104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:12 - 00000275 _____ C:\Users\Owner\daemonprocess.txt
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\genienext
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\cache
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\.android
    2014-01-06 19:12 - 2011-03-28 15:31 - 00000000 ____D C:\Users\Owner
    2014-01-06 19:11 - 2014-01-06 19:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B
    2014-01-06 19:11 - 2011-11-06 21:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
    2014-01-06 18:36 - 2011-03-29 18:58 - 00000000 ___HD C:\Users\Owner\Tracing
    2014-01-02 19:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2014-01-01 21:29 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
    2014-01-01 21:16 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
    2014-01-01 18:02 - 2014-01-01 18:02 - 00037376 _____ C:\Windows\system32\whfix.mki
    2014-01-01 18:02 - 2014-01-01 17:52 - 00000097 _____ C:\Windows\system32\aglfxs.toe
    2014-01-01 17:52 - 2014-01-01 17:52 - 00000064 _____ C:\Windows\system32\steqb.wfz
    2014-01-01 17:36 - 2014-01-01 17:36 - 00219314 ____S C:\Windows\system32\pzvxv.vtz
    2013-12-31 21:51 - 2013-11-22 22:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
    2013-12-31 16:37 - 2009-07-13 23:13 - 00778278 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-12-31 12:47 - 2012-04-29 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-12-31 12:47 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
    2013-12-31 10:49 - 2013-12-31 10:49 - 00265480 _____ C:\Windows\Minidump\123113-42276-01.dmp
    2013-12-19 19:15 - 2013-12-19 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-12-18 22:01 - 2013-11-22 22:39 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify
    C:\Windows\svchost.exe
    ATTENTION ====> Check for partition/boot infection.

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\45149uninstall.exe
    C:\Users\Owner\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
    C:\Users\Owner\AppData\Local\Temp\Sqlite3.dll
    C:\Users\Owner\AppData\Local\Temp\_is117D.exe
    C:\Users\Owner\AppData\Local\Temp\_is8C38.exe
    C:\Users\Owner\AppData\Local\Temp\_is957B.exe
    C:\Users\Owner\AppData\Local\Temp\_isD91F.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2011-03-28 19:03] - [2010-11-20 07:27] - 0512512 ____A (Microsoft Corporation) 8BF993C368B07F14BF5788F9CA08972A

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-12-31 11:32

    ==================== End Of Log ============================
     
  8. supergirlacd

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
    Ran by Owner (administrator) on OWNER-PC on 13-01-2014 19:51:23
    Running from C:\Users\Owner\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Creative Technology Ltd.) C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
    (Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Farbar) C:\Users\Owner\Downloads\FRST64-1.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [DELL Webcam Manager] - C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoComputersNearMe] 0
    HKCU\...\Policies\Explorer: [NoNetHood] 0
    HKCU\...\Policies\Explorer: [NoComputersNearMe] 0

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08AAF8A49EEDCB01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vlg9bt9o.default
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-19]
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-04]

    Chrome:
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

    ==================== Services (Whitelisted) =================

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

    ==================== Drivers (Whitelisted) ====================

    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
    S1 wucawxll; \??\C:\Windows\system32\drivers\wucawxll.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-13 19:50 - 2014-01-13 19:51 - 02075648 _____ (Farbar) C:\Users\Owner\Downloads\FRST64-1.exe
    2014-01-13 19:50 - 2014-01-13 19:50 - 01219584 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2014-01-09 18:40 - 2014-01-09 18:40 - 00002975 _____ C:\Users\Owner\Desktop\HiJackThis.lnk
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2014-01-09 18:38 - 2014-01-09 18:38 - 01402880 _____ C:\Users\Owner\Downloads\HiJackThis.msi
    2014-01-09 18:28 - 2014-01-09 18:32 - 00000000 ____D C:\AdwCleaner
    2014-01-09 18:27 - 2014-01-09 18:27 - 01233962 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
    2014-01-09 18:23 - 2014-01-09 18:26 - 00000849 _____ C:\Users\Owner\Downloads\Search.txt
    2014-01-09 18:22 - 2014-01-09 18:22 - 00025753 _____ C:\Users\Owner\Downloads\Addition.txt
    2014-01-09 18:21 - 2014-01-13 19:51 - 00012315 _____ C:\Users\Owner\Downloads\FRST.txt
    2014-01-09 18:20 - 2014-01-09 18:20 - 01931772 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2014-01-09 18:20 - 2014-01-09 18:20 - 00000000 ____D C:\FRST
    2014-01-07 19:08 - 2014-01-07 19:08 - 00057618 _____ C:\Users\Owner\Downloads\Extras.Txt
    2014-01-07 19:06 - 2014-01-07 19:06 - 00075196 _____ C:\Users\Owner\Downloads\OTL.Txt
    2014-01-07 18:56 - 2014-01-07 18:56 - 00760063 _____ (Farbar) C:\Users\Owner\Downloads\MiniToolBox.exe
    2014-01-06 22:59 - 2014-01-06 22:59 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
    2014-01-06 22:58 - 2014-01-06 22:58 - 00002166 _____ C:\Users\Owner\Desktop\eset.txt
    2014-01-06 20:10 - 2014-01-06 20:10 - 00000000 ____D C:\TDSSKiller_Quarantine
    2014-01-06 20:04 - 2009-07-13 19:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\svchost.exe
    2014-01-06 19:34 - 2014-01-06 19:34 - 00277824 _____ C:\Windows\Minidump\010614-39437-01.dmp
    2014-01-06 19:26 - 2014-01-06 19:26 - 00277824 _____ C:\Windows\Minidump\010614-23665-01.dmp
    2014-01-06 19:23 - 2014-01-06 19:23 - 00001560 _____ C:\Users\Owner\Desktop\RKreport[0]_SC_01062014_192312.txt
    2014-01-06 19:22 - 2014-01-06 19:22 - 00004216 _____ C:\Users\Owner\Desktop\RKreport[0]_D_01062014_192247.txt
    2014-01-06 19:19 - 2014-01-06 19:19 - 01924480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00654928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00184960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00042064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00004099 _____ C:\Users\Owner\Desktop\RKreport[0]_S_01062014_191946.txt
    2014-01-06 19:18 - 2014-01-06 19:19 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 02263584 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 01659776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00376192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00344680 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00220672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00152960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00095616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00075136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023152 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:18 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 07770048 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 02769400 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00459248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00304760 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00288640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00233984 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00223248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00151936 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00088632 _____ (Adobe Systems, Inc.) C:\Windows\system32\Drivers\adfs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00056344 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00023104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
    2014-01-06 19:13 - 2014-01-06 19:22 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
    2014-01-06 19:12 - 2014-01-06 19:17 - 00000275 _____ C:\Users\Owner\daemonprocess.txt
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\genienext
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\cache
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\.android
    2014-01-06 19:11 - 2014-01-06 19:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B
    2014-01-06 19:10 - 2014-01-06 20:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DigitalSites
    2014-01-01 20:58 - 2014-01-09 19:07 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 20:58 - 2014-01-09 19:07 - 00000000 ____D C:\Qoobox
    2014-01-01 18:02 - 2014-01-01 18:02 - 00037376 _____ C:\Windows\system32\whfix.mki
    2014-01-01 17:52 - 2014-01-13 19:46 - 00000087 _____ C:\Windows\system32\xcqbnpn.drz
    2014-01-01 17:52 - 2014-01-01 18:02 - 00000097 _____ C:\Windows\system32\aglfxs.toe
    2014-01-01 17:52 - 2014-01-01 17:52 - 00000064 _____ C:\Windows\system32\steqb.wfz
    2014-01-01 17:36 - 2014-01-01 17:36 - 00219314 ____S C:\Windows\system32\pzvxv.vtz
    2013-12-31 10:49 - 2013-12-31 10:49 - 00265480 _____ C:\Windows\Minidump\123113-42276-01.dmp
    2013-12-19 19:14 - 2013-12-19 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-01-13 19:52 - 2014-01-09 18:21 - 00012315 _____ C:\Users\Owner\Downloads\FRST.txt
    2014-01-13 19:51 - 2014-01-13 19:50 - 02075648 _____ (Farbar) C:\Users\Owner\Downloads\FRST64-1.exe
    2014-01-13 19:50 - 2014-01-13 19:50 - 01219584 _____ (Farbar) C:\Users\Owner\Downloads\FRST.exe
    2014-01-13 19:46 - 2014-01-01 17:52 - 00000087 _____ C:\Windows\system32\xcqbnpn.drz
    2014-01-13 19:45 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-13 19:45 - 2009-07-13 22:51 - 00083334 _____ C:\Windows\setupact.log
    2014-01-10 20:49 - 2011-03-28 17:21 - 01424704 _____ C:\Windows\WindowsUpdate.log
    2014-01-10 20:39 - 2009-07-13 22:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-10 20:39 - 2009-07-13 22:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-09 19:13 - 2013-04-16 20:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-09 19:07 - 2014-01-01 20:58 - 00000000 ____D C:\Windows\erdnt
    2014-01-09 19:07 - 2014-01-01 20:58 - 00000000 ____D C:\Qoobox
    2014-01-09 18:40 - 2014-01-09 18:40 - 00002975 _____ C:\Users\Owner\Desktop\HiJackThis.lnk
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2014-01-09 18:38 - 2014-01-09 18:38 - 01402880 _____ C:\Users\Owner\Downloads\HiJackThis.msi
    2014-01-09 18:32 - 2014-01-09 18:28 - 00000000 ____D C:\AdwCleaner
    2014-01-09 18:27 - 2014-01-09 18:27 - 01233962 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
    2014-01-09 18:26 - 2014-01-09 18:23 - 00000849 _____ C:\Users\Owner\Downloads\Search.txt
    2014-01-09 18:22 - 2014-01-09 18:22 - 00025753 _____ C:\Users\Owner\Downloads\Addition.txt
    2014-01-09 18:20 - 2014-01-09 18:20 - 01931772 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2014-01-09 18:20 - 2014-01-09 18:20 - 00000000 ____D C:\FRST
    2014-01-07 19:13 - 2013-05-24 00:13 - 00000000 ____D C:\Program Files (x86)\Safari
    2014-01-07 19:08 - 2014-01-07 19:08 - 00057618 _____ C:\Users\Owner\Downloads\Extras.Txt
    2014-01-07 19:06 - 2014-01-07 19:06 - 00075196 _____ C:\Users\Owner\Downloads\OTL.Txt
    2014-01-07 18:56 - 2014-01-07 18:56 - 00760063 _____ (Farbar) C:\Users\Owner\Downloads\MiniToolBox.exe
    2014-01-06 22:59 - 2014-01-06 22:59 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
    2014-01-06 22:58 - 2014-01-06 22:58 - 00002166 _____ C:\Users\Owner\Desktop\eset.txt
    2014-01-06 20:10 - 2014-01-06 20:10 - 00000000 ____D C:\TDSSKiller_Quarantine
    2014-01-06 20:03 - 2011-03-29 18:33 - 00026568 _____ C:\Windows\PFRO.log
    2014-01-06 20:02 - 2014-01-06 19:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DigitalSites
    2014-01-06 19:45 - 2011-12-27 21:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-06 19:34 - 2014-01-06 19:34 - 00277824 _____ C:\Windows\Minidump\010614-39437-01.dmp
    2014-01-06 19:34 - 2012-02-29 20:25 - 370646036 _____ C:\Windows\MEMORY.DMP
    2014-01-06 19:34 - 2012-02-09 20:55 - 00000000 ____D C:\Windows\Minidump
    2014-01-06 19:26 - 2014-01-06 19:26 - 00277824 _____ C:\Windows\Minidump\010614-23665-01.dmp
    2014-01-06 19:23 - 2014-01-06 19:23 - 00001560 _____ C:\Users\Owner\Desktop\RKreport[0]_SC_01062014_192312.txt
    2014-01-06 19:22 - 2014-01-06 19:22 - 00004216 _____ C:\Users\Owner\Desktop\RKreport[0]_D_01062014_192247.txt
    2014-01-06 19:22 - 2014-01-06 19:13 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
    2014-01-06 19:19 - 2014-01-06 19:19 - 01924480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00654928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00184960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00042064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00014464 _____ (Western Digital Technologies) C:\Windows\system32\Drivers\wdcsam64.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
    2014-01-06 19:19 - 2014-01-06 19:19 - 00004099 _____ C:\Users\Owner\Desktop\RKreport[0]_S_01062014_191946.txt
    2014-01-06 19:19 - 2014-01-06 19:18 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 02263584 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 01659776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00951680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00376192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00344680 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00220672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00152960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00095616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00075136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023152 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:18 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
    2014-01-06 19:18 - 2014-01-06 19:17 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 07770048 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 02769400 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00459248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00304760 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00288640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00233984 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00223248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00155520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00151936 _____ (Intel Corporation) C:\Windows\system32\Drivers\Impcd.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00088632 _____ (Adobe Systems, Inc.) C:\Windows\system32\Drivers\adfs.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00056344 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00023104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:17 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
    2014-01-06 19:17 - 2014-01-06 19:12 - 00000275 _____ C:\Users\Owner\daemonprocess.txt
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\genienext
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\cache
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\.android
    2014-01-06 19:12 - 2011-03-28 15:31 - 00000000 ____D C:\Users\Owner
    2014-01-06 19:11 - 2014-01-06 19:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B
    2014-01-06 19:11 - 2011-11-06 21:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
    2014-01-06 18:36 - 2011-03-29 18:58 - 00000000 ___HD C:\Users\Owner\Tracing
    2014-01-02 19:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2014-01-01 21:29 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
    2014-01-01 21:16 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
    2014-01-01 18:02 - 2014-01-01 18:02 - 00037376 _____ C:\Windows\system32\whfix.mki
    2014-01-01 18:02 - 2014-01-01 17:52 - 00000097 _____ C:\Windows\system32\aglfxs.toe
    2014-01-01 17:52 - 2014-01-01 17:52 - 00000064 _____ C:\Windows\system32\steqb.wfz
    2014-01-01 17:36 - 2014-01-01 17:36 - 00219314 ____S C:\Windows\system32\pzvxv.vtz
    2013-12-31 21:51 - 2013-11-22 22:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
    2013-12-31 16:37 - 2009-07-13 23:13 - 00778278 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-12-31 12:47 - 2012-04-29 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-12-31 12:47 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
    2013-12-31 10:49 - 2013-12-31 10:49 - 00265480 _____ C:\Windows\Minidump\123113-42276-01.dmp
    2013-12-19 19:15 - 2013-12-19 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-12-18 22:01 - 2013-11-22 22:39 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify
    C:\Windows\svchost.exe
    ATTENTION ====> Check for partition/boot infection.
     
  9. supergirlacd

    Some content of TEMP:
    ====================
    C:\Users\Owner\AppData\Local\Temp\45149uninstall.exe
    C:\Users\Owner\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
    C:\Users\Owner\AppData\Local\Temp\Sqlite3.dll
    C:\Users\Owner\AppData\Local\Temp\_is117D.exe
    C:\Users\Owner\AppData\Local\Temp\_is8C38.exe
    C:\Users\Owner\AppData\Local\Temp\_is957B.exe
    C:\Users\Owner\AppData\Local\Temp\_isD91F.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2011-03-28 19:03] - [2010-11-20 07:27] - 0512512 ____A (Microsoft Corporation) 8BF993C368B07F14BF5788F9CA08972A

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-12-31 11:32

    ==================== End Of Log ============================

    ADDITION
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-01-2014
    Ran by Owner at 2014-01-09 18:22:03
    Running from C:\Users\Owner\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    µTorrent (x32 Version: 2.2.0 - )
    Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
    Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
    Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (x32 Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
    Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated)
    Adobe Illustrator CS4 (x32 Version: 14.0 - Adobe Systems Incorporated) Hidden
    Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated)
    Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
    Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Photoshop CS5 (x32 Version: 12.0 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
    Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
    Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
    Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Advanced Audio FX Engine (x32 Version: - )
    Advanced Video FX Engine (x32 Version: - )
    Amazon Kindle (HKCU Version: - Amazon)
    Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
    Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.)
    Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
    AVS Update Manager 1.0 (x32 Version: - Online Media Technologies Ltd.)
    AVS Video Converter 8 (x32 Version: - Online Media Technologies Ltd.)
    AVS4YOU Software Navigator 1.4 (x32 Version: - Online Media Technologies Ltd.)
    Bonjour (Version: 3.0.0.10 - Apple Inc.)
    ComicRack v0.9.136 (Version: v0.9.136 - cYo Soft)
    Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Resource CD (x32 Version: 1.00.0000 - Dell Inc.)
    Dell Touchpad (Version: 7.1107.101.104 - ALPS ELECTRIC CO., LTD.)
    Dell Webcam Manager (x32 Version: - )
    Download Updater (AOL Inc.) (x32 Version: - AOL Inc.)
    Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.1986 - Intel Corporation)
    Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
    iTunes (Version: 11.0.5.5 - Apple Inc.)
    Java Auto Updater (x32 Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 35 (x32 Version: 6.0.350 - Oracle)
    K-Lite Codec Pack 7.0.0 (Basic) (x32 Version: 7.0.0 - )
    kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    Live! Cam Avatar Creator (x32 Version: 4.6.0817.1 - Creative Technology Ltd.)
    Live! Cam Avatar v1.0 (x32 Version: 1.0 - Creative Technology Ltd.)
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (x32 Version: 4.0.60831.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
    Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
    Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
    Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
    QuickTime (x32 Version: 7.69.80.9 - Apple Inc.)
    Realtek High Definition Audio Driver (x32 Version: 6.0.1.6039 - Realtek Semiconductor Corp.)
    Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30098 - Realtek Semiconductor Corp.)
    Safari (x32 Version: 5.34.57.2 - Apple Inc.)
    Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB)
    Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    TweetDeck (x32 Version: 1.3.0 - Twitter, Inc.)
    Ulead GIF Animator 5 TBYB (x32 Version: - Ulead System)
    Unity Web Player (HKCU Version: - Unity Technologies ApS)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
    VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
    Vegas Movie Studio HD Platinum 10.0 (x32 Version: 10.0.179 - Sony)
    Winamp (x32 Version: 5.621 - Nullsoft, Inc)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    WinRAR 4.00 (32-bit) (x32 Version: 4.00.0 - win.rar GmbH)
    Xvid Video Codec (x32 Version: 1.3.2 - Xvid Team)
    Zip Extractor Packages (HKCU Version: - )

    ==================== Restore Points =========================

    21-12-2013 02:55:19 Scheduled Checkpoint
    31-12-2013 17:38:29 Scheduled Checkpoint
    02-01-2014 00:36:04 Windows Modules Installer
    02-01-2014 00:40:59 Windows Modules Installer
    02-01-2014 03:37:08 Windows Modules Installer
    02-01-2014 03:38:38 Windows Modules Installer
    02-01-2014 03:47:51 Windows Modules Installer
    03-01-2014 00:52:52 Windows Modules Installer
    03-01-2014 00:54:15 Windows Modules Installer
    03-01-2014 01:00:57 Restore Operation
    07-01-2014 00:41:44 Windows Modules Installer
    07-01-2014 05:02:28 OTL Restore Point - 1/6/2014 11:02:21 PM
    08-01-2014 00:51:15 OTL Restore Point - 1/7/2014 6:51:05 PM

    ==================== Hosts content: ==========================

    2011-03-29 19:10 - 2014-01-01 21:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0B3C4449-CF79-45E3-A4EB-B41FB6834067} - \p9pl2637983749207555668 No Task File
    Task: {7073E219-E9E2-4BC6-B2AB-422D612BCA02} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {7CC008B0-0538-47D4-B836-BA75D19FE9FD} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
    Task: {88C2010A-CB49-4BC0-BDFF-4C1D812A8BDB} - \1485713536 No Task File
    Task: {A9F17CD3-864E-44D3-AA0A-0BDA02BD552F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {C2914485-05AB-4578-A68F-E9F2CAFBA097} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-05-30 19:06 - 2012-05-30 19:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-05-30 19:06 - 2012-05-30 19:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-02-12 20:38 - 2013-02-12 20:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    2012-04-24 19:18 - 2012-04-24 19:18 - 00087912 _____ () C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
    2012-04-24 19:18 - 2012-04-24 19:18 - 01242472 _____ () C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72191589.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72191589.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Faulty Device Manager Devices =============

    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/09/2014 06:07:19 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: mshtml.dll, version: 8.0.7601.17537, time stamp: 0x4d270230
    Exception code: 0xc0000005
    Fault offset: 0x00000000000323ca
    Faulting process id: 0x29c
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (01/06/2014 09:22:26 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (01/06/2014 09:12:58 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: Flash64_11_9_900_170.ocx, version: 11.9.900.170, time stamp: 0x529b76a2
    Exception code: 0xc0000005
    Fault offset: 0x0000000000824b55
    Faulting process id: 0x2ac
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (01/06/2014 08:16:06 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (01/06/2014 08:07:35 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000420
    Fault offset: 0x00013ce2
    Faulting process id: 0xd04
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (01/06/2014 07:56:49 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
    Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba58
    Exception code: 0xc0000005
    Fault offset: 0x0002e3fb
    Faulting process id: 0xdf0
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (01/06/2014 07:41:54 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000420
    Fault offset: 0x00013ce2
    Faulting process id: 0xa50
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (01/06/2014 07:24:52 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000420
    Fault offset: 0x00013ce2
    Faulting process id: 0x1498
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (01/06/2014 07:15:54 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000420
    Fault offset: 0x00013ce2
    Faulting process id: 0x18bc
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (01/06/2014 06:33:20 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000420
    Fault offset: 0x00013ce2
    Faulting process id: 0xb10
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    System errors:
    =============
    Error: (01/09/2014 06:09:31 PM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (01/09/2014 06:07:38 PM) (Source: Service Control Manager) (User: )
    Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:
    %%1190

    Error: (01/09/2014 06:07:38 PM) (Source: Service Control Manager) (User: )
    Description: The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

    Error: (01/09/2014 06:07:38 PM) (Source: Service Control Manager) (User: )
    Description: The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

    Error: (01/09/2014 06:03:23 PM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (01/08/2014 09:22:19 PM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (01/07/2014 06:35:00 PM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (01/06/2014 09:16:24 PM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (01/06/2014 09:14:25 PM) (Source: Service Control Manager) (User: )
    Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:
    %%1190

    Error: (01/06/2014 09:14:24 PM) (Source: Service Control Manager) (User: )
    Description: The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

    Microsoft Office Sessions:
    =========================
    Error: (01/09/2014 06:07:19 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc3c1mshtml.dll8.0.7601.175374d270230c000000500000000000323ca29c01cf0d975b9bd70bC:\Windows\system32\svchost.exeC:\Windows\System32\mshtml.dll2b22eaa9-798b-11e3-8088-b8ac6f526b16

    Error: (01/06/2014 09:22:26 PM) (Source: SideBySide)(User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\AppData\Local\Temp\nng4x83w.tmp\esetsmartinstaller_enu.exe

    Error: (01/06/2014 09:12:58 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc3c1Flash64_11_9_900_170.ocx11.9.900.170529b76a2c00000050000000000824b552ac01cf0b4ddc30d2e5C:\Windows\system32\svchost.exeC:\Windows\system32\Macromed\Flash\Flash64_11_9_900_170.ocx9b3a61bc-7749-11e3-b807-b8ac6f526b16

    Error: (01/06/2014 08:16:06 PM) (Source: SideBySide)(User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\AppData\Local\Temp\jkv6ek1p.tmp\esetsmartinstaller_enu.exe

    Error: (01/06/2014 08:07:35 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000042000013ce2d0401cf0b4ccc1cc060\\.\globalroot\systemroot\svchost.exeunknown793317ff-7740-11e3-a4d6-b8ac6f526b16

    Error: (01/06/2014 07:56:49 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc3c5ntdll.dll6.1.7601.175144ce7ba58c00000050002e3fbdf001cf0b4a43a42293\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\ntdll.dllf807d057-773e-11e3-bd80-b8ac6f526b16

    Error: (01/06/2014 07:41:54 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000042000013ce2a5001cf0b48bdb30180\\.\globalroot\systemroot\svchost.exeunknowne2e98be5-773c-11e3-b15e-b8ac6f526b16

    Error: (01/06/2014 07:24:52 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000042000013ce2149801cf0b462e66a452\\.\globalroot\systemroot\svchost.exeunknown818ecd7c-773a-11e3-b43c-b8ac6f526b16

    Error: (01/06/2014 07:15:54 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000042000013ce218bc01cf0b45c660b365\\.\globalroot\systemroot\svchost.exeunknown40b9cf1d-7739-11e3-b43c-b8ac6f526b16

    Error: (01/06/2014 06:33:20 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc3c5unknown0.0.0.000000000c000042000013ce2b1001cf0b3e935b4397\\.\globalroot\systemroot\svchost.exeunknown4ea589a4-7733-11e3-b43c-b8ac6f526b16


    CodeIntegrity Errors:
    ===================================
    Date: 2014-01-01 21:13:17.607
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-01-01 21:13:17.582
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Percentage of memory in use: 58%
    Total physical RAM: 3892.54 MB
    Available physical RAM: 1632.54 MB
    Total Pagefile: 7783.28 MB
    Available Pagefile: 5330.77 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.65 GB) (Free:374.79 GB) NTFS
    Drive e: () (Removable) (Total:0.95 GB) (Free:0.67 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 630B0250)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 969 MB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=969 MB) - (Type=06)

    ==================== End Of Log ============================
     
  10. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Download the enclosed file. Save it in the same location as FRST64. Run FRST64 and click on the Fix button. Wait until it has finished. The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Type the following in the edit box on FRST64, after "Search:".

    rpcss.dll

    It then should look like:

    Search: rpcss.dll

    Click the Search button and post the log (Search.txt) it makes on the USB drive in your next reply.
     

  11. supergirlacd

    supergirlacd Thread Starter

    Joined:
    Jan 7, 2014
    Messages:
    12
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-01-2014 02
    Ran by Owner at 2014-01-13 21:55:22 Run:1
    Running from C:\Users\Owner\Downloads
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    File: C:\Windows\system32\xcqbnpn.drz
    File: C:\Windows\system32\whfix.mki
    File: C:\Windows\system32\aglfxs.toe
    File: C:\Windows\system32\steqb.wfz
    File: C:\Windows\system32\pzvxv.vt
    C:\Windows\svchost.exe
    C:\Users\Owner\AppData\Local\Temp\45149uninstall.exe
    C:\Users\Owner\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
    C:\Users\Owner\AppData\Local\Temp\Sqlite3.dll
    C:\Users\Owner\AppData\Local\Temp\_is117D.exe
    C:\Users\Owner\AppData\Local\Temp\_is8C38.exe
    C:\Users\Owner\AppData\Local\Temp\_is957B.exe
    C:\Users\Owner\AppData\Local\Temp\_isD91F.exe
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
    S1 wucawxll; \??\C:\Windows\system32\drivers\wucawxll.sys [x]
    CMD: Dir /b /O:N C:\Windows\system32\Drivers\*
    End
    *****************


    ========================= File: C:\Windows\system32\xcqbnpn.drz ========================

    MD5: 28011BA3C5C3839C4E96873B92F87A20
    Creation and modification date: 2014-01-01 17:52 - 2014-01-13 21:48
    Size: 0000087
    Attributes: ----A
    Company Name:
    Internal Name:
    Original Name:
    Product Name:
    Description:
    File Version:
    Product Version:
    Copyright:

    ====== End Of File: ======


    ========================= File: C:\Windows\system32\whfix.mki ========================

    MD5: EA916523079B8A0A26D7C489D7445645
    Creation and modification date: 2014-01-01 18:02 - 2014-01-01 18:02
    Size: 0037376
    Attributes: ----A
    Company Name:
    Internal Name:
    Original Name:
    Product Name:
    Description:
    File Version:
    Product Version:
    Copyright:

    ====== End Of File: ======


    ========================= File: C:\Windows\system32\aglfxs.toe ========================

    MD5: D41D8CD98F00B204E9800998ECF8427E
    Creation and modification date: 2014-01-01 17:52 - 2014-01-01 18:02
    Size: 0000097
    Attributes: ----A
    Company Name:
    Internal Name:
    Original Name:
    Product Name:
    Description:
    File Version:
    Product Version:
    Copyright:

    ====== End Of File: ======


    ========================= File: C:\Windows\system32\steqb.wfz ========================

    MD5: 9E4B72F761D0948F20FD783F0AF7C387
    Creation and modification date: 2014-01-01 17:52 - 2014-01-01 17:52
    Size: 0000064
    Attributes: ----A
    Company Name:
    Internal Name:
    Original Name:
    Product Name:
    Description:
    File Version:
    Product Version:
    Copyright:

    ====== End Of File: ======


    ========================= File: C:\Windows\system32\pzvxv.vt ========================

    "C:\Windows\system32\pzvxv.vt" not found.
    ====== End Of File: ======

    C:\Windows\svchost.exe => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\45149uninstall.exe => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\Sqlite3.dll => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\_is117D.exe => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\_is8C38.exe => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\_is957B.exe => Moved successfully.
    C:\Users\Owner\AppData\Local\Temp\_isD91F.exe => Moved successfully.
    AppMgmt => Service deleted successfully.
    catchme => Service deleted successfully.
    RtsUIR => Service deleted successfully.
    USBCCID => Service deleted successfully.
    wucawxll => Service deleted successfully.

    ========= Dir /b /O:N C:\Windows\system32\Drivers\* =========


    ========= End of CMD: =========


    ==== End of Fixlog ====


    SEARCH
    Farbar Recovery Scan Tool (x64) Version: 13-01-2014 02
    Ran by Owner at 2014-01-13 21:56:09
    Running from C:\Users\Owner\Downloads
    Boot Mode: Normal

    ================== Search: "rpcss.dll" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
    [2011-03-28 19:03] - [2010-11-20 07:27] - 0512000 ____A () D41D8CD98F00B204E9800998ECF8427E

    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [2009-07-13 18:00] - [2009-07-13 19:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

    C:\Windows\System32\rpcss.dll
    [2011-03-28 19:03] - [2010-11-20 07:27] - 0512512 ____A (Microsoft Corporation) 8BF993C368B07F14BF5788F9CA08972A

    ====== End Of Search ======
     
  12. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Download the enclosed file. Save it in the same location as FRST64. Run FRST64 and click on the Fix button. Wait until it has finished. The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Re-scan with FRST64 and post the new FRST.txt log.
     

  13. supergirlacd

    supergirlacd Thread Starter

    Joined:
    Jan 7, 2014
    Messages:
    12
    Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-01-2014 02
    Ran by Owner at 2014-01-13 22:27:18 Run:2
    Running from C:\Users\Owner\Downloads
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
    End
    *****************

    C:\Windows\System32\rpcss.dll => Moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

    ==== End of Fixlog ====

    FRST

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
    Ran by Owner (administrator) on OWNER-PC on 13-01-2014 22:27:43
    Running from C:\Users\Owner\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Creative Technology Ltd.) C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe
    () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
    (Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10038304 2010-02-02] (Realtek Semiconductor)
    HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
    HKLM-x32\...\Run: [DELL Webcam Manager] - C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe [118784 2007-07-27] (Creative Technology Ltd.)
    HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoComputersNearMe] 0
    HKCU\...\Policies\Explorer: [NoNetHood] 0
    HKCU\...\Policies\Explorer: [NoComputersNearMe] 0

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08AAF8A49EEDCB01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1367047350&ir=
    BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vlg9bt9o.default
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-19]
    FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
    FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-06-04]

    Chrome:
    =======
    Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

    ==================== Services (Whitelisted) =================

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

    ==================== Drivers (Whitelisted) ====================

    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-01-13 21:55 - 2014-01-13 21:55 - 00000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
    2014-01-09 18:40 - 2014-01-09 18:40 - 00002975 _____ C:\Users\Owner\Desktop\HiJackThis.lnk
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2014-01-09 18:38 - 2014-01-09 18:38 - 01402880 _____ C:\Users\Owner\Downloads\HiJackThis.msi
    2014-01-09 18:28 - 2014-01-09 18:32 - 00000000 ____D C:\AdwCleaner
    2014-01-09 18:27 - 2014-01-09 18:27 - 01233962 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
    2014-01-09 18:23 - 2014-01-13 21:56 - 00000852 _____ C:\Users\Owner\Downloads\Search.txt
    2014-01-09 18:22 - 2014-01-09 18:22 - 00025753 _____ C:\Users\Owner\Downloads\Addition.txt
    2014-01-09 18:21 - 2014-01-13 22:27 - 00011977 _____ C:\Users\Owner\Downloads\FRST.txt
    2014-01-09 18:20 - 2014-01-13 21:55 - 02075648 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2014-01-09 18:20 - 2014-01-13 21:55 - 00000000 ____D C:\FRST
    2014-01-07 19:08 - 2014-01-07 19:08 - 00057618 _____ C:\Users\Owner\Downloads\Extras.Txt
    2014-01-07 19:06 - 2014-01-07 19:06 - 00075196 _____ C:\Users\Owner\Downloads\OTL.Txt
    2014-01-07 18:56 - 2014-01-07 18:56 - 00760063 _____ (Farbar) C:\Users\Owner\Downloads\MiniToolBox.exe
    2014-01-06 22:59 - 2014-01-06 22:59 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
    2014-01-06 22:58 - 2014-01-06 22:58 - 00002166 _____ C:\Users\Owner\Desktop\eset.txt
    2014-01-06 20:10 - 2014-01-06 20:10 - 00000000 ____D C:\TDSSKiller_Quarantine
    2014-01-06 19:34 - 2014-01-06 19:34 - 00277824 _____ C:\Windows\Minidump\010614-39437-01.dmp
    2014-01-06 19:26 - 2014-01-06 19:26 - 00277824 _____ C:\Windows\Minidump\010614-23665-01.dmp
    2014-01-06 19:23 - 2014-01-06 19:23 - 00001560 _____ C:\Users\Owner\Desktop\RKreport[0]_SC_01062014_192312.txt
    2014-01-06 19:22 - 2014-01-06 19:22 - 00004216 _____ C:\Users\Owner\Desktop\RKreport[0]_D_01062014_192247.txt
    2014-01-06 19:19 - 2014-01-06 19:19 - 00004099 _____ C:\Users\Owner\Desktop\RKreport[0]_S_01062014_191946.txt
    2014-01-06 19:13 - 2014-01-06 19:22 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
    2014-01-06 19:12 - 2014-01-06 19:17 - 00000275 _____ C:\Users\Owner\daemonprocess.txt
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\genienext
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\cache
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\.android
    2014-01-06 19:11 - 2014-01-06 19:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B
    2014-01-06 19:10 - 2014-01-06 20:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DigitalSites
    2014-01-01 20:58 - 2014-01-09 19:07 - 00000000 ____D C:\Windows\erdnt
    2014-01-01 20:58 - 2014-01-09 19:07 - 00000000 ____D C:\Qoobox
    2014-01-01 18:02 - 2014-01-01 18:02 - 00037376 _____ C:\Windows\system32\whfix.mki
    2014-01-01 17:52 - 2014-01-13 21:48 - 00000087 _____ C:\Windows\system32\xcqbnpn.drz
    2014-01-01 17:52 - 2014-01-01 18:02 - 00000097 _____ C:\Windows\system32\aglfxs.toe
    2014-01-01 17:52 - 2014-01-01 17:52 - 00000064 _____ C:\Windows\system32\steqb.wfz
    2014-01-01 17:36 - 2014-01-01 17:36 - 00219314 ____S C:\Windows\system32\pzvxv.vtz
    2013-12-31 10:49 - 2013-12-31 10:49 - 00265480 _____ C:\Windows\Minidump\123113-42276-01.dmp
    2013-12-19 19:14 - 2013-12-19 19:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    2014-01-13 22:27 - 2014-01-09 18:21 - 00011977 _____ C:\Users\Owner\Downloads\FRST.txt
    2014-01-13 22:13 - 2013-04-16 20:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-13 21:56 - 2014-01-09 18:23 - 00000852 _____ C:\Users\Owner\Downloads\Search.txt
    2014-01-13 21:55 - 2014-01-13 21:55 - 00000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
    2014-01-13 21:55 - 2014-01-09 18:20 - 02075648 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
    2014-01-13 21:55 - 2014-01-09 18:20 - 00000000 ____D C:\FRST
    2014-01-13 21:48 - 2014-01-01 17:52 - 00000087 _____ C:\Windows\system32\xcqbnpn.drz
    2014-01-13 19:53 - 2009-07-13 22:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-13 19:53 - 2009-07-13 22:45 - 00015328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-13 19:49 - 2011-03-28 17:21 - 01424704 _____ C:\Windows\WindowsUpdate.log
    2014-01-13 19:45 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-13 19:45 - 2009-07-13 22:51 - 00083334 _____ C:\Windows\setupact.log
    2014-01-09 19:07 - 2014-01-01 20:58 - 00000000 ____D C:\Windows\erdnt
    2014-01-09 19:07 - 2014-01-01 20:58 - 00000000 ____D C:\Qoobox
    2014-01-09 18:40 - 2014-01-09 18:40 - 00002975 _____ C:\Users\Owner\Desktop\HiJackThis.lnk
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2014-01-09 18:40 - 2014-01-09 18:40 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2014-01-09 18:38 - 2014-01-09 18:38 - 01402880 _____ C:\Users\Owner\Downloads\HiJackThis.msi
    2014-01-09 18:32 - 2014-01-09 18:28 - 00000000 ____D C:\AdwCleaner
    2014-01-09 18:27 - 2014-01-09 18:27 - 01233962 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
    2014-01-09 18:22 - 2014-01-09 18:22 - 00025753 _____ C:\Users\Owner\Downloads\Addition.txt
    2014-01-07 19:13 - 2013-05-24 00:13 - 00000000 ____D C:\Program Files (x86)\Safari
    2014-01-07 19:08 - 2014-01-07 19:08 - 00057618 _____ C:\Users\Owner\Downloads\Extras.Txt
    2014-01-07 19:06 - 2014-01-07 19:06 - 00075196 _____ C:\Users\Owner\Downloads\OTL.Txt
    2014-01-07 18:56 - 2014-01-07 18:56 - 00760063 _____ (Farbar) C:\Users\Owner\Downloads\MiniToolBox.exe
    2014-01-06 22:59 - 2014-01-06 22:59 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Downloads\OTL.exe
    2014-01-06 22:58 - 2014-01-06 22:58 - 00002166 _____ C:\Users\Owner\Desktop\eset.txt
    2014-01-06 20:10 - 2014-01-06 20:10 - 00000000 ____D C:\TDSSKiller_Quarantine
    2014-01-06 20:03 - 2011-03-29 18:33 - 00026568 _____ C:\Windows\PFRO.log
    2014-01-06 20:02 - 2014-01-06 19:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DigitalSites
    2014-01-06 19:45 - 2011-12-27 21:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-06 19:34 - 2014-01-06 19:34 - 00277824 _____ C:\Windows\Minidump\010614-39437-01.dmp
    2014-01-06 19:34 - 2012-02-29 20:25 - 370646036 _____ C:\Windows\MEMORY.DMP
    2014-01-06 19:34 - 2012-02-09 20:55 - 00000000 ____D C:\Windows\Minidump
    2014-01-06 19:26 - 2014-01-06 19:26 - 00277824 _____ C:\Windows\Minidump\010614-23665-01.dmp
    2014-01-06 19:23 - 2014-01-06 19:23 - 00001560 _____ C:\Users\Owner\Desktop\RKreport[0]_SC_01062014_192312.txt
    2014-01-06 19:22 - 2014-01-06 19:22 - 00004216 _____ C:\Users\Owner\Desktop\RKreport[0]_D_01062014_192247.txt
    2014-01-06 19:22 - 2014-01-06 19:13 - 00000000 ____D C:\Users\Owner\Desktop\RK_Quarantine
    2014-01-06 19:19 - 2014-01-06 19:19 - 00004099 _____ C:\Users\Owner\Desktop\RKreport[0]_S_01062014_191946.txt
    2014-01-06 19:17 - 2014-01-06 19:12 - 00000275 _____ C:\Users\Owner\daemonprocess.txt
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\genienext
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\AppData\Local\cache
    2014-01-06 19:12 - 2014-01-06 19:12 - 00000000 ____D C:\Users\Owner\.android
    2014-01-06 19:12 - 2011-03-28 15:31 - 00000000 ____D C:\Users\Owner
    2014-01-06 19:11 - 2014-01-06 19:11 - 00000000 ____D C:\Users\Owner\AppData\Roaming\0D0S1L2Z1P1B
    2014-01-06 19:11 - 2011-11-06 21:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
    2014-01-06 18:36 - 2011-03-29 18:58 - 00000000 ___HD C:\Users\Owner\Tracing
    2014-01-02 19:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
    2014-01-01 21:29 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Default
    2014-01-01 21:16 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
    2014-01-01 18:02 - 2014-01-01 18:02 - 00037376 _____ C:\Windows\system32\whfix.mki
    2014-01-01 18:02 - 2014-01-01 17:52 - 00000097 _____ C:\Windows\system32\aglfxs.toe
    2014-01-01 17:52 - 2014-01-01 17:52 - 00000064 _____ C:\Windows\system32\steqb.wfz
    2014-01-01 17:36 - 2014-01-01 17:36 - 00219314 ____S C:\Windows\system32\pzvxv.vtz
    2013-12-31 21:51 - 2013-11-22 22:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
    2013-12-31 16:37 - 2009-07-13 23:13 - 00778278 _____ C:\Windows\system32\PerfStringBackup.INI
    2013-12-31 12:47 - 2012-04-29 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2013-12-31 12:47 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
    2013-12-31 10:49 - 2013-12-31 10:49 - 00265480 _____ C:\Windows\Minidump\123113-42276-01.dmp
    2013-12-19 19:15 - 2013-12-19 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-12-18 22:01 - 2013-11-22 22:39 - 00000000 ____D C:\Users\Owner\AppData\Local\Spotify

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-01-13 20:29

    ==================== End Of Log ============================
     
  14. JSntgRvr

    JSntgRvr Moderator Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,551
    First Name:
    José
    Download the enclosed file. Save it in the same location FRST64 is. Run FRST64 and click on the Fix button. Wait until finished. The tool will make a log in the flash drive (Fixlog.txt); please post it in your reply.

    I would recommend AVAST as an antivirus.

    How is the computer doing?
     

    Attached Files:

  15. supergirlacd

    supergirlacd Thread Starter

    Joined:
    Jan 7, 2014
    Messages:
    12
    So far no ads! The computer did a disk scan after the reboot, not sure if that was supposed to happen? Here's the log.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-01-2014 02
    Ran by Owner at 2014-01-13 22:47:57 Run:3
    Running from C:\Users\Owner\Downloads
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0 FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu tCyD1B1P1R&cr=1367047350&ir=
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0 FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu tCyD1B1P1R&cr=1367047350&ir=
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0101&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0 FyDtByC0BtCyCyEtDyDyDtN0D0Tzu0SyBtAyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu tCyD1B1P1R&cr=1367047350&ir=
    C:\Windows\system32\whfix.mki
    C:\Windows\system32\xcqbnpn.drz
    C:\Windows\system32\aglfxs.toe
    C:\Windows\system32\steqb.wfz
    C:\Windows\system32\pzvxv.vtz
    C:\Windows\system32\xcqbnpn.drz
    Task: {0B3C4449-CF79-45E3-A4EB-B41FB6834067} - \p9pl2637983749207555668 No Task File
    Task: {88C2010A-CB49-4BC0-BDFF-4C1D812A8BDB} - \1485713536 No Task File
    End
    *****************

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
    C:\Windows\system32\whfix.mki => Moved successfully.
    C:\Windows\system32\xcqbnpn.drz => Moved successfully.
    Could not move "C:\Windows\system32\aglfxs.toe" => Scheduled to move on reboot.
    C:\Windows\system32\steqb.wfz => Moved successfully.
    Could not move "C:\Windows\system32\pzvxv.vtz" => Scheduled to move on reboot.
    "C:\Windows\system32\xcqbnpn.drz" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0B3C4449-CF79-45E3-A4EB-B41FB6834067} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B3C4449-CF79-45E3-A4EB-B41FB6834067} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\p9pl2637983749207555668 => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88C2010A-CB49-4BC0-BDFF-4C1D812A8BDB} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88C2010A-CB49-4BC0-BDFF-4C1D812A8BDB} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1485713536 => Key deleted successfully.

    => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-01-13 22:56:14)<=

    C:\Windows\system32\aglfxs.toe => Is moved successfully.
    C:\Windows\system32\pzvxv.vtz => Is moved successfully.

    ==== End of Fixlog ====
     
Short URL to this thread: https://techguy.org/1117038
