Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus:DOS/Rovnix.W Keeps reappearing and will not be removed from computer


  • This topic is locked This topic is locked
23 replies to this topic

#1 LEAMIE22

LEAMIE22

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 23 December 2013 - 10:43 PM

Microsoft Security Essentials keeps picking up a Virus:DOS/Rovnix.W, telling me to restart the computer to complete clean, as soon as I reboot the computer the same virus appears as soon as I scan again. It either says the virus cannot be found or there is an error encountered while taking an action with it (e.g quarantine, remove, clean). Often now and again I also pick up a PWS:Win32/Zbot.gen!AP as well which seems to be removed, but after another scan it appears quite frequently.

One of the virus's also causes advertisements to start flashing in and out of the screen when I decide to switch the computer off. After running multiple scans they seem to find other malware but not remove these particular ones, which these results can be located on this forum link: http://www.bleepingcomputer.com/forums/t/518233/pwswin32zbotgenap/#entry3240365

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 1.6.0_31
Run by Liam at 14:30:40 on 2013-12-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.16320.14429 [GMT 11:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
E:\Program Files (x86)\hamachi-2.exe
E:\Program Files (x86)\LMIGuardianSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ISCTSY~1.LNK - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 61.9.134.49 61.9.133.193
TCP: Interfaces\{F697CF68-6DA3-436A-804C-E32D749D2A87} : NameServer = 208.67.222.222
TCP: Interfaces\{F697CF68-6DA3-436A-804C-E32D749D2A87} : DHCPNameServer = 61.9.134.49 61.9.133.193
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\2jhcpstm.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Liam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Liam\Desktop\VLC\npvlc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-7-18 49048]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-3-22 678384]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-3-22 28656]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-8-1 20616]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2013-8-1 17192]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-12-20 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-28 239616]
R2 AVerRECentral;AVerRECentral;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [2013-8-10 355840]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;E:\Program Files (x86)\hamachi-2.exe [2013-11-29 2210640]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-2-23 183048]
R2 ISCTAgent;Intel® Smart Connect Technology Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2013-3-14 182248]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-21 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
R3 AVer330C875;AVer330C875;C:\Windows\System32\drivers\AVer330C875.sys [2013-8-10 1504512]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-8-1 496400]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2013-3-14 21048]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2013-3-14 21048]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-3-14 46568]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-8-1 366216]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-8-1 786056]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-21 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2013-8-1 34752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-3-22 15344]
S2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-8-1 131544]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-1 169432]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;C:\Windows\System32\drivers\CMUSBDAC.sys [2013-5-9 358400]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2013-8-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2013-8-9 79360]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-8-11 31800]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-31 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-3-31 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-10 1255736]
S3 XENfiltv;XENfiltv;C:\Windows\System32\drivers\XENfiltv.sys [2009-7-31 25600]
.
=============== Created Last 30 ================
.
2013-12-24 03:29:00    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0E03B406-6009-41E8-8FEC-03810B9619AF}\offreg.dll
2013-12-23 00:55:59    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0E03B406-6009-41E8-8FEC-03810B9619AF}\mpengine.dll
2013-12-22 03:27:46    --------    d-----w-    C:\Program Files (x86)\ESET
2013-12-22 03:15:45    --------    d-----w-    C:\Windows\ERUNT
2013-12-22 03:07:28    --------    d-----w-    C:\AdwCleaner
2013-12-22 02:13:54    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-12-22 02:07:28    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-22 02:06:53    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-22 01:51:05    94656    ----a-w-    C:\Windows\System32\WPRO_41_2001woem.tmp
2013-12-21 13:55:18    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C6C9A48A-39E7-45A0-A5C1-22B15C1FE605}\gapaengine.dll
2013-12-21 13:55:14    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-21 13:53:36    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-12-21 13:53:35    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-12-21 12:10:21    --------    d-----w-    C:\Users\Liam\AppData\Roaming\Malwarebytes
2013-12-21 12:10:13    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-12-21 12:10:12    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-21 12:10:12    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 11:14:38    --------    d-----w-    C:\Users\Liam\AppData\Roaming\Eguhiwex
2013-12-21 11:09:28    --------    d-----w-    C:\Users\Liam\AppData\Roaming\Anqiir
2013-12-21 11:08:27    --------    d-----w-    C:\Users\Liam\AppData\Roaming\Ylinad
2013-12-21 05:03:53    --------    d-----w-    C:\Program Files (x86)\Microsoft Synchronization Services
2013-12-21 05:03:41    --------    d-----w-    C:\Windows\PCHEALTH
2013-12-21 05:03:41    --------    d-----w-    C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-12-21 05:03:16    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 8
2013-12-21 05:03:09    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
2013-12-21 05:03:07    --------    d-----w-    C:\Users\Liam\AppData\Local\Microsoft Help
2013-12-20 06:51:37    --------    d-----w-    C:\Users\Liam\AppData\Local\NFS Underground 2
2013-12-20 05:44:59    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-12-20 05:22:31    --------    d-----w-    C:\Users\Liam\AppData\Roaming\DAEMON Tools Lite
2013-12-20 05:21:40    --------    d-----w-    C:\ProgramData\DAEMON Tools Lite
2013-12-20 05:13:42    --------    d-----w-    C:\Users\Liam\AppData\Local\Google
2013-12-20 04:07:39    --------    d-----w-    C:\Users\Liam\AppData\Local\WinZip
2013-12-20 00:27:53    --------    d-----w-    C:\Users\Liam\AppData\Roaming\.minecraft
2013-12-14 09:13:47    --------    d-----w-    C:\Program Files (x86)\NVIDIA Corporation
2013-12-14 09:13:15    --------    d-----w-    C:\ProgramData\Package Cache
2013-12-13 12:18:13    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-13 12:18:13    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-13 12:18:13    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2013-12-13 12:18:13    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2013-12-13 10:53:51    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-12-05 10:40:30    --------    d-----w-    C:\Users\Liam\AppData\Local\Electronic_Arts_Inc
2013-11-29 03:37:19    189248    ----a-w-    C:\Windows\SysWow64\PnkBstrB.exe
2013-11-29 03:37:18    75136    ----a-w-    C:\Windows\SysWow64\PnkBstrA.exe
2013-11-29 03:37:15    --------    d-----w-    C:\Users\Liam\AppData\Local\Ubisoft Game Launcher
2013-11-28 11:40:33    --------    d-----w-    C:\Users\Liam\AppData\Local\Castle Story Prototype
2013-11-26 10:15:12    --------    d-----w-    C:\Users\Liam\AppData\Local\LogMeIn
2013-11-26 10:15:08    --------    d-----w-    C:\ProgramData\LogMeIn
.
==================== Find3M  ====================
.
2013-12-24 03:28:59    34752    ----a-w-    C:\Windows\System32\drivers\WPRO_41_2001.sys
2013-12-13 12:11:16    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-13 12:11:16    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-12 01:33:26    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-10-12 01:15:48    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 02:16:30    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-26 22:53:06    248240    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-09-26 22:53:06    134944    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 14:30:48.94 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,743 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:15 PM

Posted 28 December 2013 - 10:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518452 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:15 PM

Posted 02 January 2014 - 12:18 PM

Hello LEAMIE22

,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
     
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.
Download and Run OTC

We will now remove the tools previously used to to get a clean start. OTC.


  • Download OTC by OldTimer and save it to your desktop.
  • Double click OTC_Icon.jpg icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big CleanUp.jpg button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

2.


  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, Click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again

3.


  •  
  • Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

Things to include in your next reply::
Roguekiller log
mbar-log.txt
syestem-log.txt
Still get the warnings from MSSE?


Edited by fireman4it, 02 January 2014 - 12:20 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#4 LEAMIE22

LEAMIE22
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 04 January 2014 - 01:45 AM

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Liam [Admin rights]
Mode : Scan -- Date : 01/04/2014 17:36:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Laivetefneemp ("C:\Users\Liam\AppData\Roaming\Ylinad\aqevt.exe" [x]) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V2][SUSP PATH] Security Center Update - 2284274408 : C:\Users\Liam\AppData\Roaming\Widydu\abuvly.exe [x] -> FOUND
[V2][SUSP PATH] Security Center Update - 3108590712 : C:\Users\Liam\AppData\Roaming\Anqiir\rewuiv.exe [x] -> FOUND
[V2][SUSP PATH] Security Center Update - 86754275 : C:\Users\Liam\AppData\Roaming\Eguhiwex\usapul.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 ood.opsource.net ereg.wip4.adobe.com ereg.wip.adobe.com activate-sjc0.adobe.com practivate.adobe.ipp activate.wip4.adobe.com 3dns-1.adobe.com activate.wip1.adobe.com 3dns.adobe.com
127.0.0.1 practivate.adobe.ntp activate.wip.adobe.com wip1.adobe.com 3dns-4.adobe.com activate.wip2.adobe.com practivate.adobe 3dns-2.adobe.com www.wip4.adobe.com 3dns-3.adobe.com
127.0.0.1 crl.verisign.net adobe-dns-4.adobe.com adobe-dns-1.adobe.com adobe-dns.adobe.com ereg.adobe.com wip4.adobe.com lm.licenses.adobe.com wip3.adobe.com na2m-pr.licenses.adobe.com
127.0.0.1 www.wip1.adobe.com adobeereg.com lmlicenses.wip4.adobe.com www.wip2.adobe.com ereg.wip2.adobe.com www.wip.adobe.com wip2.adobe.com practivate.adobe.newoa wwis-dubc1-vip60.adobe.com
127.0.0.1 wip.adobe.com adobe-dns-3.adobe.com www.adobeereg.com practivate.adobe.com activate-sea.adobe.com activate.wip3.adobe.com activate.adobe.com adobe-dns-2.adobe.com www.wip3.adobe.com
127.0.0.1 hl2rcv.adobe.com ereg.wip3.adobe.com ereg.wip1.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA KINGSTON SH103S3 SCSI Disk Device +++++
--- User ---
[MBR] f539a56ebe2ba4d640bae4cc9dd13bb4
[BSP] 4f132d55508c5fd06673083bb044913e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 283 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 581632 | Size: 114188 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ATA WDC WD10EZEX-00R SCSI Disk Device +++++
--- User ---
[MBR] 8392526e485e2644aeb90eafd4341a98
[BSP] bb3374b7f0e29f68163a34b051347ba7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01042014_173650.txt >>



 


Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2014.01.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Liam :: LIAM-PC [administrator]

4/01/2014 5:38:26 PM
mbar-log-2014-01-04 (17-38-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 224374
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 17113276416, free: 10668642304

Downloaded database version: v2013.12.22.01
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
     12/22/2013 13:07:26
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\asahci64.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AsrAppCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1d62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ISCTD64.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\xusb21.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\msvcrt.dll
\Windows\System32\clbcatq.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imm32.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\urlmon.dll
\Windows\System32\nsi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\ole32.dll
\Windows\System32\advapi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\psapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\lpk.dll
\Windows\System32\msctf.dll
\Windows\System32\oleaut32.dll
\Windows\System32\difxapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa801059a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000091\
Lower Device Object: 0xfffffa80100baa10
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800cdcb790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xfffffa800caac9c0
Lower Device Driver Name: \Driver\iaStorA\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800cdc5790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xfffffa800caaa6f0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800cdc5790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cdc52c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cdc5790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc8ca90, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800caaa6f0, DeviceName: \Device\00000063\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A4A3C237

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 579584
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 581632  Numsec = 233857024

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800cdcb790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cdcb2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cdcb790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc8dc50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800caac9c0, DeviceName: \Device\00000064\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FF700588

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa801059a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801059ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa801059a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80100beaa0, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa80100baa10, DeviceName: \Device\00000091\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 32  Numsec = 7821280

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 4004511744 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_2_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.16476

Java version: 1.6.0_31

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.400000 GHz
Memory total: 17113276416, free: 14718959616

Downloaded database version: v2014.01.04.01
Downloaded database version: v2013.12.18.01
=======================================
Initializing...
------------ Kernel report ------------
     01/04/2014 17:38:24
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\iaStorA.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\asahci64.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\DRIVERS\iaStorF.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\AsrAppCharger.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\e1d62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ISCTD64.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\AVer330C875.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\xusb21.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\ikbevent.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\imsevent.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WPRO_41_2001.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\difxapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\urlmon.dll
\Windows\System32\nsi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\advapi32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\lpk.dll
\Windows\System32\psapi.dll
\Windows\System32\wininet.dll
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\kernel32.dll
\Windows\System32\usp10.dll
\Windows\System32\sechost.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\user32.dll
\Windows\System32\ole32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\clbcatq.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\iertutil.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\msctf.dll
\Windows\System32\shlwapi.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800cf48790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xfffffa800cae97e0
Lower Device Driver Name: \Driver\iaStorA\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800cf42790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xfffffa800cae9060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800cf42790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cf422c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cf42790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc5bc50, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800cae9060, DeviceName: \Device\00000063\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A4A3C237

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 579584
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 581632  Numsec = 233857024

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-234421648-234441648)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa800cf48790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800cf482c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800cf48790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800cc5b860, DeviceName: Unknown, DriverName: \Driver\iaStorF\
DevicePointer: 0xfffffa800cae97e0, DeviceName: \Device\00000064\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FF700588

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616
    Partition file system is NTFS
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_1_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam...
Removal finished
 



#5 LEAMIE22

LEAMIE22
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 04 January 2014 - 01:52 AM

MSSE is still detecting the Rovnix virus

If it is any help, MSSE doesn't detect the virus with a quick scan but when I force it to do a custom scan on the C: drive it always detects it



#6 LEAMIE22

LEAMIE22
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 04 January 2014 - 06:36 AM

The following error occurred: Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator.

Category: Virus

Description: This program is dangerous and replicates by infecting other files.

Recommended action: Remove this software immediately.

Items:
containerfile:C:\TDSSKiller_Quarantine\22.12.2013_13.13.29\boot0000\boot0000\tsk0000.dta
file:C:\TDSSKiller_Quarantine\22.12.2013_13.13.29\boot0000\boot0000\tsk0000.dta->[Obfuscator]
 

I was advised to use TDSSKiller by a previous admin and for some reason TDSS quarantine appears in the MSSE report after a scan



#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:15 PM

Posted 04 January 2014 - 11:24 AM

 

containerfile:C:\TDSSKiller_Quarantine\22.12.2013_13.13.29\boot0000\boot0000\tsk0000.dta
file:C:\TDSSKiller_Quarantine\22.12.2013_13.13.29\boot0000\boot0000\tsk0000.dta->[Obfuscator]

This is what msse is probably picking up we will get rid of all these now.

 

 

1.

  •    
  • Re-Run RogueKiller
       
  • Close all the running processes
       
  • Under Vista/Seven, right click -> Run as Administrator
       
  • Otherwise just double-click on RogueKiller.exe
       
  • When prompted, Click Delete 
       
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
       
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again

 

 

  •    
  • Re-Run RogueKiller
       
  • Close all the running processes
       
  • Under Vista/Seven, right click -> Run as Administrator
       
  • Otherwise just double-click on RogueKiller.exe
       
  • When prompted, Click Fix Host 
       
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
       
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again

 

2.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click OTC_Icon.jpg icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big CleanUp.jpg button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

 

 

3.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

 

 

 

3.

Once you have done these step please run a full scan with MSSE again and see if it still picks up Rovnix virus. If it does please note the file it is saying is infected.

 

 

Things to include in the next reply::

Roguekiller log

MSSE still detecting Rovnix ?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 LEAMIE22

LEAMIE22
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 04 January 2014 - 10:10 PM

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Liam [Admin rights]
Mode : Remove -- Date : 01/05/2014 14:08:21
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ATA KINGSTON SH103S3 SCSI Disk Device +++++
--- User ---
[MBR] f539a56ebe2ba4d640bae4cc9dd13bb4
[BSP] 4f132d55508c5fd06673083bb044913e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 283 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 581632 | Size: 114188 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ATA WDC WD10EZEX-00R SCSI Disk Device +++++
--- User ---
[MBR] 8392526e485e2644aeb90eafd4341a98
[BSP] bb3374b7f0e29f68163a34b051347ba7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_01052014_140821.txt >>
RKreport[0]_S_01052014_140813.txt


RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Liam [Admin rights]
Mode : HOSTSFix -- Date : 01/05/2014 14:09:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1    localhost


Finished : << RKreport[0]_H_01052014_140939.txt >>
RKreport[0]_D_01052014_140821.txt;RKreport[0]_S_01052014_140813.txt;RKreport[0]_S_01052014_140935.txt




 



#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:15 PM

Posted 04 January 2014 - 11:50 PM

MSSE still reporting Ronvix?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 LEAMIE22

LEAMIE22
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 05 January 2014 - 05:46 AM

Virus:DOS/Rovnix.W | Severe | Active

Category: Virus

Description: This program is dangerous and replicates by infecting other files.

Recommended action: Remove this software immediately.

Items:
containerfile:C:\TDSSKiller_Quarantine\22.12.2013_13.13.29\boot0000\boot0000\tsk0000.dta
file:C:\TDSSKiller_Quarantine\22.12.2013_13.13.29\boot0000\boot0000\tsk0000.dta->[Obfuscator]

 

And after trying to apply a REMOVE action:

The following error occurred: Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator.



#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:15 PM

Posted 05 January 2014 - 12:34 PM

1.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

 

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 LEAMIE22

LEAMIE22
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 07 January 2014 - 04:15 AM

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c68e4d4a279a274ab8f6e4e16412d83c
# engine=16361
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-22 09:54:52
# local_time=2013-12-22 08:54:52 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 10760739 139339542 0 0
# scanned=412433
# found=23
# cleaned=23
# scan_time=23072
sh=430E8085FA487E24D6B4D1DAB85026B95EC58D8E ft=1 fh=2a439b366c0239f2 vn="Win32/TrojanDownloader.Zortob.B trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Liam\AppData\Local\fdavexes.exe"
sh=2E12854BE2C8A5043EAE42AF81EEE79230636C95 ft=1 fh=a822929c946efdb1 vn="a variant of Win32/Injector.AUAW trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Liam\AppData\Local\qaksuqgh.exe"
sh=1E6DE01B2CE574CDA43C3050A431EFA356304117 ft=1 fh=d0249c449eca16a0 vn="a variant of Win32/Injector.AUAW trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Liam\AppData\Local\Temp\Java_Update_33979c7d.exe"
sh=1E6DE01B2CE574CDA43C3050A431EFA356304117 ft=1 fh=d0249c449eca16a0 vn="a variant of Win32/Injector.AUAW trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Liam\AppData\Local\Temp\Java_Update_ac1900d5.exe"
sh=D5416FB4B6D80A0019D5DB940404FCEF852DBFC7 ft=1 fh=a91d5e0349c8218e vn="Win32/Spy.Zbot.ABA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Liam\AppData\Roaming\Anqiir\rewuiv.exe"
sh=6144459930D139A44DFDF944D27359F34C570619 ft=1 fh=7d40715249c8218e vn="Win32/Spy.Zbot.ABA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Liam\AppData\Roaming\Eguhiwex\usapul.exe"
sh=5D7765CC4AB7E2553B9025DC8EDD4C4CE66545AF ft=1 fh=633e6be749c8218e vn="Win32/Spy.Zbot.ABA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Liam\AppData\Roaming\Ylinad\aqevt.exe"
sh=6525F85F423A8ACB9DE261FCE7C1BFDCAF0651EC ft=1 fh=e751b5239200023c vn="Win32/Bundled.Toolbar.Google.D application (cleaned by deleting - quarantined)" ac=C fn="E:\Liam\Downloads\ccsetup404.exe"
sh=8A72F448F17C026A1B2A59686DE720079CCBA08F ft=1 fh=4d4a711952b3453e vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="E:\Liam\Downloads\DTLite4481-0347.exe"
sh=363F1AC0BF6514C3ACEC2A72692BC7B3480E25EE ft=1 fh=9840bf1f917718f4 vn="a variant of Win32/InstallCore.FJ application (cleaned by deleting - quarantined)" ac=C fn="E:\Liam\Downloads\WinZip175_mfse_fah.exe"
sh=6CA96D0806945D72F90FC41398A9C27558136994 ft=1 fh=95c22a7e3a01af03 vn="Win32/CMDOW.143 application (cleaned by deleting - quarantined)" ac=C fn="E:\Liam\STEAM\Jedi Knights_Jedi Academy\KotFSetup.exe"
sh=DFE04E668706761AF9AF70A60BBD8F0CE03112C4 ft=1 fh=2737a2e95f4079a8 vn="a variant of Win32/HackTool.Crack.B application (cleaned by deleting - quarantined)" ac=C fn="E:\Liam\Users\Liam\Desktop\GEAMES\Antichamber.v1.0.cracked-THETA\Antichamber.exe"
sh=63ADB2CF1448D35E717A216EE914A28A9495DC45 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.B application (deleted - quarantined)" ac=C fn="E:\LIAM-PC\Backup Set 2013-08-06 174729\Backup Files 2013-08-11 190000\Backup files 28.zip"
sh=84EC6E32E5E352C91094CBDE8A1A9F208B45942D ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D application (deleted - quarantined)" ac=C fn="E:\LIAM-PC\Backup Set 2013-08-06 174729\Backup Files 2013-08-11 190000\Backup files 9.zip"
sh=6866A966A3DBD9E0F9F18895988D9D0B68D68D3B ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D application (deleted - quarantined)" ac=C fn="E:\LIAM-PC\Backup Set 2013-08-26 204908\Backup Files 2013-08-26 204908\Backup files 7.zip"
sh=E0B37C57E99FE566CE70DE1FE6B0A8E222BC133A ft=1 fh=040dd3f1fe168480 vn="Win32/Somoto.F application (cleaned by deleting - quarantined)" ac=C fn="E:\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle application (cleaned by deleting - quarantined)" ac=C fn="E:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle application (cleaned by deleting - quarantined)" ac=C fn="E:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll"
sh=1E00782FEC3CA539AE30F866502633FF550356C6 ft=1 fh=46da0b21d76c5220 vn="a variant of Win32/Toolbar.Conduit.P application (cleaned by deleting - quarantined)" ac=C fn="E:\Program Files (x86)\Vuze_Remote\ldrtbVuze.dll"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O application (cleaned by deleting - quarantined)" ac=C fn="E:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll"
sh=4C5834A9F0D646B35A7719A4E352093C0240BA5F ft=1 fh=f68058267a38e609 vn="a variant of Win32/Toolbar.Conduit.B application (cleaned by deleting - quarantined)" ac=C fn="E:\Program Files (x86)\Vuze_Remote\tbVuze.dll"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q application (cleaned by deleting - quarantined)" ac=C fn="E:\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Spy.Zbot.ABA trojan (contained infected files)" ac=C fn="${Memory}"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c68e4d4a279a274ab8f6e4e16412d83c
# engine=16367
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-23 06:29:05
# local_time=2013-12-23 05:29:05 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 10834792 139413595 0 0
# scanned=78441
# found=0
# cleaned=0
# scan_time=1620
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=c68e4d4a279a274ab8f6e4e16412d83c
# engine=16541
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-07 08:55:10
# local_time=2014-01-07 07:55:10 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 12143157 140718360 0 0
# scanned=390570
# found=0
# cleaned=0
# scan_time=5864
 



#13 LEAMIE22

LEAMIE22
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 07 January 2014 - 04:17 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Liam (administrator) on LIAM-PC on 07-01-2014 20:16:30
Running from E:\Liam\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(LogMeIn Inc.) E:\Program Files (x86)\hamachi-2.exe
(LogMeIn, Inc.) E:\Program Files (x86)\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: {a66a2fdc-6939-11e3-8b2d-bc5ff4b8d9ac} - G:\RunGame.exe

==================== Internet (Whitelisted) ====================

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.oracle.com/update/1.6.0/jinstall-6u31-windows-i586.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 61.9.134.49 61.9.133.193
Tcpip\..\Interfaces\{F697CF68-6DA3-436A-804C-E32D749D2A87}: [NameServer]208.67.222.222

FireFox:
========
FF ProfilePath: C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\2jhcpstm.default
FF NewTab: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Users\Liam\Desktop\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Users\Liam\Desktop\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Liam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\2jhcpstm.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==================== Services (Whitelisted) =================

R2 AVerRECentral; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe [355840 2013-05-09] (AVerMedia)
R2 Hamachi2Svc; E:\Program Files (x86)\hamachi-2.exe [2210640 2013-11-29] (LogMeIn Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182248 2013-03-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-11-29] ()

==================== Drivers (Whitelisted) ====================

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R3 AVer330C875; C:\Windows\System32\DRIVERS\AVer330C875.sys [1504512 2013-05-29] (AVerMedia TECHNOLOGIES, Inc.)
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [358400 2013-05-09] (C-Media Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-20] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-22] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-03-14] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-03-14] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-03-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-07] ()
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-07 20:16 - 2014-01-07 20:16 - 00000000 ____D C:\FRST
2014-01-04 17:46 - 2014-01-04 17:46 - 00000000 ____D C:\Users\Liam\Desktop\ANTIVIRUS FILES AND NOTES
2014-01-04 17:36 - 2014-01-05 14:09 - 10278912 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 03379272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 01504512 _____ (AVerMedia TECHNOLOGIES, Inc.) C:\Windows\system32\Drivers\AVer330C875.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00786056 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00678384 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00496400 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d62x64.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00366216 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00358400 _____ (C-Media Inc.) C:\Windows\system32\Drivers\CMUSBDAC.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00163552 _____ (Intel Corporation) C:\Windows\system32\Drivers\iANSW60e.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00134944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00073984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00064624 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00049048 _____ (Asmedia Technology) C:\Windows\system32\Drivers\asahci64.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00046568 _____ C:\Windows\system32\Drivers\ISCTD64.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00033856 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00033616 _____ (Intel Corporation ) C:\Windows\system32\Drivers\iqvw64e.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00028656 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00025600 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\XENfiltv.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00021048 _____ C:\Windows\system32\Drivers\imsevent.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00021048 _____ C:\Windows\system32\Drivers\ikbevent.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00020616 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00017192 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\AsrAppCharger.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-01-04 17:36 - 2014-01-05 14:09 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2013-12-23 17:42 - 2014-01-07 20:11 - 00002744 _____ C:\Windows\setupact.log
2013-12-23 17:42 - 2014-01-07 18:12 - 00004336 _____ C:\Windows\PFRO.log
2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 _____ C:\Windows\setuperr.log
2013-12-22 14:27 - 2013-12-22 14:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-22 14:15 - 2013-12-22 14:15 - 00000000 ____D C:\Windows\ERUNT
2013-12-22 14:07 - 2013-12-22 14:23 - 00000000 ____D C:\AdwCleaner
2013-12-22 13:13 - 2013-12-22 13:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-22 13:06 - 2014-01-04 17:37 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-22 12:51 - 2014-01-07 18:12 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2013-12-22 00:53 - 2013-12-22 00:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-22 00:53 - 2013-12-22 00:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-21 23:10 - 2013-12-22 13:03 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 23:10 - 2013-12-22 13:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 23:10 - 2013-12-21 23:10 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Malwarebytes
2013-12-21 23:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-21 22:14 - 2013-12-22 17:06 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Eguhiwex
2013-12-21 22:09 - 2013-12-22 17:06 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Anqiir
2013-12-21 22:08 - 2013-12-23 12:21 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Ylinad
2013-12-21 22:05 - 2013-12-21 22:05 - 00012326 _____ C:\Users\Liam\AppData\Local\xbbltgom
2013-12-21 22:04 - 2013-12-21 22:04 - 00067992 _____ C:\Users\Liam\AppData\Local\kdjsjlir
2013-12-21 22:03 - 2013-12-21 22:03 - 00000000 _____ C:\Users\Liam\AppData\Roaming\SharedSettings.ccs
2013-12-21 17:45 - 2013-12-21 17:45 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-21 16:09 - 2013-12-21 16:10 - 00034816 ___SH C:\Users\Liam\Documents\Thumbs.db
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 __RHD C:\MSOCache
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Windows\PCHEALTH
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Users\Liam\AppData\Local\Microsoft Help
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-12-20 21:48 - 2013-12-20 21:48 - 00000501 _____ C:\Users\Liam\Desktop\New Volume (E) - Shortcut.lnk
2013-12-20 17:51 - 2013-12-20 22:32 - 00000000 ____D C:\Users\Liam\AppData\Local\NFS Underground 2
2013-12-20 17:33 - 2013-12-23 11:52 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-20 16:46 - 2013-12-20 16:46 - 00000894 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-12-20 16:44 - 2013-12-20 16:44 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-12-20 16:22 - 2013-12-21 22:44 - 00000000 ____D C:\Users\Liam\AppData\Roaming\DAEMON Tools Lite
2013-12-20 16:13 - 2013-12-20 16:13 - 00000000 ____D C:\Users\Liam\AppData\Local\Google
2013-12-20 16:06 - 2013-12-20 16:06 - 00000826 _____ C:\Users\Liam\Desktop\Revo Uninstaller.lnk
2013-12-20 15:07 - 2013-12-20 16:16 - 00000000 ____D C:\Users\Liam\AppData\Local\WinZip
2013-12-20 12:16 - 2013-12-20 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 11:27 - 2013-12-20 11:28 - 00000000 ____D C:\Users\Liam\AppData\Roaming\.minecraft
2013-12-14 20:13 - 2013-12-14 20:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-14 20:13 - 2013-12-14 20:13 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-13 23:18 - 2013-05-10 16:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 23:18 - 2013-05-10 16:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 23:18 - 2013-05-10 15:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 23:18 - 2013-05-10 15:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 23:17 - 2013-11-26 22:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 23:17 - 2013-11-26 21:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 23:17 - 2013-11-26 21:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-13 23:17 - 2013-11-26 21:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 23:17 - 2013-11-26 20:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-13 23:17 - 2013-11-26 20:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-13 23:17 - 2013-11-26 20:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 23:17 - 2013-11-26 20:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 23:17 - 2013-11-26 20:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-13 23:17 - 2013-11-26 20:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 23:17 - 2013-11-26 20:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 23:17 - 2013-11-26 20:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 23:17 - 2013-11-26 20:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-13 23:17 - 2013-11-26 20:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-13 23:17 - 2013-11-26 19:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-13 23:17 - 2013-11-26 19:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 23:17 - 2013-11-26 19:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 23:17 - 2013-11-26 19:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 23:17 - 2013-11-26 19:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-13 23:17 - 2013-11-26 19:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 23:17 - 2013-11-26 19:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 23:17 - 2013-11-26 19:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 23:17 - 2013-11-26 18:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 23:17 - 2013-11-26 18:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 23:17 - 2013-11-26 18:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 23:17 - 2013-11-26 18:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 23:17 - 2013-11-26 17:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 23:17 - 2013-11-26 17:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-13 23:17 - 2013-11-26 17:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 23:17 - 2013-11-26 17:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 23:17 - 2013-11-26 17:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-13 21:55 - 2013-12-13 21:55 - 00003262 _____ C:\Windows\System32\Tasks\{48C527DE-22E2-425A-AC75-61AB8E323CA3}
2013-12-13 21:53 - 2013-11-24 05:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-13 21:53 - 2013-11-24 04:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-13 21:53 - 2013-11-12 13:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-13 21:53 - 2013-11-12 13:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-13 21:53 - 2013-10-30 13:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-13 21:53 - 2013-10-30 13:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-13 21:53 - 2013-10-30 12:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-13 21:53 - 2013-10-19 13:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-13 21:53 - 2013-10-19 12:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-13 21:53 - 2013-10-12 13:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-13 21:53 - 2013-10-12 13:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-13 21:53 - 2013-10-12 13:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-13 21:53 - 2013-10-12 13:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-13 21:53 - 2013-10-12 12:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-13 21:53 - 2013-10-12 12:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-13 21:53 - 2013-10-12 12:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-13 21:53 - 2013-10-12 12:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-13 21:53 - 2013-10-04 13:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-13 21:53 - 2013-10-04 12:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-07 20:16 - 2014-01-07 20:16 - 00000000 ____D C:\FRST
2014-01-07 20:11 - 2013-12-23 17:42 - 00002744 _____ C:\Windows\setupact.log
2014-01-07 20:11 - 2013-08-06 16:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 19:56 - 2013-08-01 13:33 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-07 19:37 - 2013-08-01 13:27 - 01576056 _____ C:\Windows\WindowsUpdate.log
2014-01-07 18:19 - 2009-07-14 15:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-07 18:19 - 2009-07-14 15:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-07 18:16 - 2009-07-14 16:13 - 00728132 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-07 18:12 - 2013-12-23 17:42 - 00004336 _____ C:\Windows\PFRO.log
2014-01-07 18:12 - 2013-12-22 12:51 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-01-07 18:12 - 2013-08-01 13:34 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-01-07 18:12 - 2013-08-01 13:33 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-07 18:12 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 21:44 - 2013-09-10 21:38 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3941516963-4077664033-3069808876-1000UA.job
2014-01-05 21:44 - 2013-09-10 21:38 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3941516963-4077664033-3069808876-1000Core.job
2014-01-05 14:09 - 2014-01-04 17:36 - 10278912 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 03379272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 01504512 _____ (AVerMedia TECHNOLOGIES, Inc.) C:\Windows\system32\Drivers\AVer330C875.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00786056 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00678384 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorA.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00496400 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d62x64.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00366216 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00358400 _____ (C-Media Inc.) C:\Windows\system32\Drivers\CMUSBDAC.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00163552 _____ (Intel Corporation) C:\Windows\system32\Drivers\iANSW60e.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00134944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00073984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00064624 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00049048 _____ (Asmedia Technology) C:\Windows\system32\Drivers\asahci64.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00046568 _____ C:\Windows\system32\Drivers\ISCTD64.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00033856 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00033616 _____ (Intel Corporation ) C:\Windows\system32\Drivers\iqvw64e.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00028656 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorF.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00025600 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\XENfiltv.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00021048 _____ C:\Windows\system32\Drivers\imsevent.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00021048 _____ C:\Windows\system32\Drivers\ikbevent.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00020616 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00017192 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\AsrAppCharger.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-01-05 14:09 - 2014-01-04 17:36 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2014-01-04 22:23 - 2013-08-07 16:55 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-04 17:46 - 2014-01-04 17:46 - 00000000 ____D C:\Users\Liam\Desktop\ANTIVIRUS FILES AND NOTES
2014-01-04 17:37 - 2013-12-22 13:06 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-24 15:15 - 2013-08-24 16:32 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-12-23 17:42 - 2013-12-23 17:42 - 00000000 _____ C:\Windows\setuperr.log
2013-12-23 17:42 - 2009-07-14 16:08 - 00032654 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-23 12:21 - 2013-12-21 22:08 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Ylinad
2013-12-23 11:52 - 2013-12-20 17:33 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-12-22 17:06 - 2013-12-21 22:14 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Eguhiwex
2013-12-22 17:06 - 2013-12-21 22:09 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Anqiir
2013-12-22 14:27 - 2013-12-22 14:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-22 14:23 - 2013-12-22 14:07 - 00000000 ____D C:\AdwCleaner
2013-12-22 14:15 - 2013-12-22 14:15 - 00000000 ____D C:\Windows\ERUNT
2013-12-22 13:13 - 2013-12-22 13:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-12-22 13:03 - 2013-12-21 23:10 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-22 13:03 - 2013-12-21 23:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-22 00:53 - 2013-12-22 00:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-22 00:53 - 2013-12-22 00:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-12-22 00:53 - 2013-08-06 18:04 - 00001945 _____ C:\Windows\epplauncher.mif
2013-12-21 23:10 - 2013-12-21 23:10 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Malwarebytes
2013-12-21 22:44 - 2013-12-20 16:22 - 00000000 ____D C:\Users\Liam\AppData\Roaming\DAEMON Tools Lite
2013-12-21 22:44 - 2013-09-10 21:39 - 00000000 ____D C:\Users\Liam\AppData\Local\CrashDumps
2013-12-21 22:44 - 2013-08-30 21:21 - 00000000 ____D C:\Users\Liam\AppData\Local\LogMeIn Hamachi
2013-12-21 22:44 - 2013-08-11 14:18 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Azureus
2013-12-21 22:44 - 2012-10-04 06:24 - 00000000 ____D C:\Windows\Panther
2013-12-21 22:25 - 2013-08-20 18:01 - 00109296 _____ C:\Users\Liam\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-21 22:16 - 2009-07-14 15:45 - 05034960 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-21 22:05 - 2013-12-21 22:05 - 00012326 _____ C:\Users\Liam\AppData\Local\xbbltgom
2013-12-21 22:04 - 2013-12-21 22:04 - 00067992 _____ C:\Users\Liam\AppData\Local\kdjsjlir
2013-12-21 22:03 - 2013-12-21 22:03 - 00000000 _____ C:\Users\Liam\AppData\Roaming\SharedSettings.ccs
2013-12-21 17:53 - 2013-08-20 17:53 - 00000000 ____D C:\Users\Liam\AppData\Local\Adobe
2013-12-21 17:53 - 2013-08-20 17:52 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Adobe
2013-12-21 17:45 - 2013-12-21 17:45 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-21 17:45 - 2013-08-20 17:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-21 16:10 - 2013-12-21 16:09 - 00034816 ___SH C:\Users\Liam\Documents\Thumbs.db
2013-12-21 16:04 - 2009-07-14 16:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 __RHD C:\MSOCache
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Windows\PCHEALTH
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Users\Liam\AppData\Local\Microsoft Help
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-12-21 16:03 - 2013-12-21 16:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-12-21 16:03 - 2009-07-14 18:45 - 00000000 ____D C:\Windows\ShellNew
2013-12-21 16:03 - 2009-07-14 14:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-21 16:03 - 2009-07-14 13:34 - 00000478 _____ C:\Windows\win.ini
2013-12-21 01:23 - 2013-10-30 22:38 - 00000000 ____D C:\Users\Liam\AppData\Roaming\vlc
2013-12-20 22:32 - 2013-12-20 17:51 - 00000000 ____D C:\Users\Liam\AppData\Local\NFS Underground 2
2013-12-20 21:48 - 2013-12-20 21:48 - 00000501 _____ C:\Users\Liam\Desktop\New Volume (E) - Shortcut.lnk
2013-12-20 16:46 - 2013-12-20 16:46 - 00000894 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-12-20 16:44 - 2013-12-20 16:44 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-12-20 16:43 - 2013-08-06 16:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 16:43 - 2013-08-01 13:33 - 00000000 ____D C:\Program Files\Google
2013-12-20 16:43 - 2013-08-01 13:33 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-20 16:16 - 2013-12-20 15:07 - 00000000 ____D C:\Users\Liam\AppData\Local\WinZip
2013-12-20 16:13 - 2013-12-20 16:13 - 00000000 ____D C:\Users\Liam\AppData\Local\Google
2013-12-20 16:06 - 2013-12-20 16:06 - 00000826 _____ C:\Users\Liam\Desktop\Revo Uninstaller.lnk
2013-12-20 12:34 - 2013-08-10 21:21 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-20 12:16 - 2013-12-20 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 11:28 - 2013-12-20 11:27 - 00000000 ____D C:\Users\Liam\AppData\Roaming\.minecraft
2013-12-20 01:24 - 2013-08-15 00:48 - 00000000 ____D C:\Windows\system32\MRT
2013-12-20 01:23 - 2013-08-10 15:55 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-19 22:51 - 2013-08-01 13:33 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-19 22:51 - 2013-08-01 13:33 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-19 22:46 - 2009-07-14 16:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-14 21:23 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 20:13 - 2013-12-14 20:13 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-12-14 20:13 - 2013-12-14 20:13 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-13 23:11 - 2013-08-06 16:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-13 23:11 - 2013-08-06 16:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-13 23:11 - 2013-08-06 16:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-13 21:57 - 2013-10-30 22:38 - 00000566 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-13 21:55 - 2013-12-13 21:55 - 00003262 _____ C:\Windows\System32\Tasks\{48C527DE-22E2-425A-AC75-61AB8E323CA3}

Some content of TEMP:
====================
C:\Users\Liam\AppData\Local\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-04 18:21

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by Liam at 2014-01-07 20:16:42
Running from E:\Liam\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (x32 Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (x32 Version: 1.3.8.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (Version:  - ASRock Inc.)
Assassin's Creed IV Black Flag (x32 Version:  - Ubisoft)
AVerMedia C875 Live Gamer Portable 3.7.64.10 (x32 Version: 3.7.64.10 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia RECentral (x32 Version: 1.3.0.45 - AVerMedia Technologies, Inc.)
AVerMedia RECentral (x32 Version: 1.3.0.45 - AVerMedia Technologies, Inc.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Castle Story (x32 Version:  - Sauropod Studio)
CCleaner (Version: 4.04 - Piriform)
Contagion (x32 Version:  - Monochrome LLC)
Counter-Strike: Source (x32 Version:  - Valve)
Creative System Information (x32 Version: 1.10 - Creative Technology Limited)
DAEMON Tools Lite (x32 Version: 4.48.1.0347 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
ESET Online Scanner v3 (x32 Version:  - )
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287 - Skype Limited)
Force Feedback Driver for XInput (Version: 6.1.7600.16385 - Masahiko Morii)
Garry's Mod (x32 Version:  - Garry)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Half-Life 2 (x32 Version:  - Valve)
Half-Life 2: Lost Coast (x32 Version:  - Valve)
Halo Combat Evolved (x32 Version:  - )
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36702 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 9.0.0.1323 - Intel Corporation)
Intel® Network Connections 18.2.63.0 (Version: 18.2.63.0 - Intel)
Intel® Network Connections 18.2.63.0 (Version: 18.2.63.0 - Intel) Hidden
Intel® Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel® Smart Connect Technology 4.1 x64 (Version: 4.1.40.2143 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 2.0.0.100 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (x32 Version: 6.0.310 - Oracle)
Left 4 Dead 2 (x32 Version:  - Valve)
Left 4 Dead 2 Beta (x32 Version:  - )
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.109 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0 - Microsoft)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
No More Room in Hell (x32 Version:  - No More Room in Hell Team)
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (x32 Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKCU Version: 1.0.3.183 - Sony Online Entertainment)
PlanetSide 2 (x32 Version:  - Sony Online Entertainment)
Project64 1.6 (x32 Version: 1.6 - Project64)
PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7 - VS Revo Group, Ltd.)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.7 (x32 Version: 6.7.102 - Skype Technologies S.A.)
Sleeping Dogs™ (x32 Version:  - United Front Games)
Sound Blaster Tactic(3D) Sigma (x32 Version: 1.0 - Creative Technology Limited)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab CYRI (x32 Version: 6.0.7.0 - Husdawg, LLC)
Team Fortress 2 (x32 Version:  - Valve)
The Elder Scrolls V: Skyrim (x32 Version:  - Bethesda Game Studios)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Uplay (x32 Version: 4.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Vuze (Version: 5.0.0.0 - Azureus Software, Inc.)
XSplit Broadcaster (x32 Version: 1.3.1310.1103 - SplitMediaLabs)

==================== Restore Points  =========================

05-01-2014 03:13:56 Custom to remove virus
05-01-2014 08:00:02 Windows Backup
07-01-2014 07:22:52 Windows Update

==================== Hosts content: ==========================

2013-08-20 16:48 - 2014-01-05 14:09 - 00000741 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01A9D7DD-7ADC-44E5-83CE-2B0D61C875D9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-23] (Piriform Ltd)
Task: {3AA0D704-B82B-4837-853F-FD9735FF97B7} - \Security Center Update - 1927749786 No Task File
Task: {439B853C-4536-4DA1-9985-A22C3F58ADB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01] (Google Inc.)
Task: {44AD4266-EF8C-4B74-98F5-7D173246B430} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {650628AD-718E-44D7-96E2-E0E689973D9D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-06-14] (Intel Corporation)
Task: {8E33E827-6B2F-4777-9A0C-AC982D8C62EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-01] (Google Inc.)
Task: {B462FECC-4BD8-451E-A778-39427AE65C47} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3941516963-4077664033-3069808876-1000UA => C:\Users\Liam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-10] (Facebook Inc.)
Task: {C5DF6805-2E47-43CE-A8E3-2F2FF0DF284A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-13] (Adobe Systems Incorporated)
Task: {E34F8F98-F88C-4AE2-A557-7D90383C2282} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {EC6B3D29-7584-4463-8C55-39A7E472C30F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FEDBD982-58C3-48AD-93D7-8D3D5A85DC52} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3941516963-4077664033-3069808876-1000Core => C:\Users\Liam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-10] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3941516963-4077664033-3069808876-1000Core.job => C:\Users\Liam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3941516963-4077664033-3069808876-1000UA.job => C:\Users\Liam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-20 12:16 - 2013-12-20 12:16 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-01 13:30 - 2013-03-12 14:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25081939.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25081939.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2014 08:14:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2014 08:13:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2014 06:15:39 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/07/2014 06:15:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/05/2014 07:16:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/05/2014 07:00:29 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: The backup storage location is invalid. You cannot use a volume that is included in the backup as a storage location. (0x80780040).

Error: (01/04/2014 06:21:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/04/2014 05:47:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/04/2014 05:47:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/04/2014 05:44:56 PM) (Source: Windows Backup) (User: )
Description: The backup was not successful. The error is: The backup storage location is invalid. You cannot use a volume that is included in the backup as a storage location. (0x80780040).


System errors:
=============
Error: (01/07/2014 07:36:04 PM) (Source: NetBT) (User: )
Description: The name "LIAM-PC        :20" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.17 did not allow the name to be claimed by
this computer.

Error: (01/07/2014 07:36:04 PM) (Source: NetBT) (User: )
Description: The name "LIAM-PC        :0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.17 did not allow the name to be claimed by
this computer.

Error: (01/07/2014 07:36:04 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F697CF68-6DA3-436A-804C-E32D749D2A87} because another computer on the network has the same name.  The server could not start.

Error: (01/07/2014 07:36:01 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (01/07/2014 06:12:40 PM) (Source: Microsoft Antimalware) (User: )
Description: %Virus:DOS/Rovnix.W60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Virus:DOS/Rovnix.W603

    Name: Virus:DOS/Rovnix.W

    ID: 2147684242

    Severity: %Virus:DOS/Rovnix.W600

    Category: %Virus:DOS/Rovnix.W602

    Path: 4.4.0304.02

    Detection Origin: 4.4.0304.04

    Detection Type: 4.4.0304.08

    Detection Source: %Virus:DOS/Rovnix.W608

    User: {353C2CEB-CAE7-4FF8-9559-E307C1D613C8}9

    Process Name: %Virus:DOS/Rovnix.W609

    Action: {353C2CEB-CAE7-4FF8-9559-E307C1D613C8}1

    Action Status:  {353C2CEB-CAE7-4FF8-9559-E307C1D613C8}8

    Error Code: {353C2CEB-CAE7-4FF8-9559-E307C1D613C8}3

    Error description: {353C2CEB-CAE7-4FF8-9559-E307C1D613C8}4

    Signature Version: 2014-01-07T07:12:32.066Z1

    Engine Version: 2014-01-07T07:12:32.066Z2

Error: (01/07/2014 06:12:30 PM) (Source: NetBT) (User: )
Description: The name "LIAM-PC        :20" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.17 did not allow the name to be claimed by
this computer.

Error: (01/07/2014 06:12:30 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{F697CF68-6DA3-436A-804C-E32D749D2A87} because another computer on the network has the same name.  The server could not start.

Error: (01/07/2014 06:12:29 PM) (Source: NetBT) (User: )
Description: The name "LIAM-PC        :0" could not be registered on the interface with IP address 192.168.0.12.
The computer with the IP address 192.168.0.17 did not allow the name to be claimed by
this computer.

Error: (01/05/2014 09:47:51 PM) (Source: Service Control Manager) (User: )
Description: The AVerRECentral service did not shut down properly after receiving a preshutdown control.

Error: (01/05/2014 09:45:59 PM) (Source: Microsoft Antimalware) (User: )
Description: %Virus:DOS/Rovnix.W60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Virus:DOS/Rovnix.W603

    Name: Virus:DOS/Rovnix.W

    ID: 2147684242

    Severity: %Virus:DOS/Rovnix.W600

    Category: %Virus:DOS/Rovnix.W602

    Path: 4.4.0304.02

    Detection Origin: 4.4.0304.04

    Detection Type: 4.4.0304.08

    Detection Source: %Virus:DOS/Rovnix.W608

    User: {0CFE3FEE-4750-4FE4-AFE2-81A5D518EDD4}9

    Process Name: %Virus:DOS/Rovnix.W609

    Action: {0CFE3FEE-4750-4FE4-AFE2-81A5D518EDD4}1

    Action Status:  {0CFE3FEE-4750-4FE4-AFE2-81A5D518EDD4}8

    Error Code: {0CFE3FEE-4750-4FE4-AFE2-81A5D518EDD4}3

    Error description: {0CFE3FEE-4750-4FE4-AFE2-81A5D518EDD4}4

    Signature Version: 2014-01-05T04:06:17.690Z1

    Engine Version: 2014-01-05T04:06:17.690Z2


Microsoft Office Sessions:
=========================
Error: (01/07/2014 08:14:30 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (01/07/2014 08:13:13 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Liam\Downloads\esetsmartinstaller_enu(2).exe

Error: (01/07/2014 06:15:39 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Liam\Downloads\esetsmartinstaller_enu(2).exe

Error: (01/07/2014 06:15:36 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Liam\Downloads\esetsmartinstaller_enu(2).exe

Error: (01/05/2014 07:16:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/05/2014 07:00:29 PM) (Source: Windows Backup)(User: )
Description: The backup storage location is invalid. You cannot use a volume that is included in the backup as a storage location. (0x80780040)

Error: (01/04/2014 06:21:59 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/04/2014 05:47:31 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Liam\Downloads\esetsmartinstaller_enu(1).exe

Error: (01/04/2014 05:47:31 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Liam\Downloads\esetsmartinstaller_enu.exe

Error: (01/04/2014 05:44:56 PM) (Source: Windows Backup)(User: )
Description: The backup storage location is invalid. You cannot use a volume that is included in the backup as a storage location. (0x80780040)


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 16320.49 MB
Available physical RAM: 13716.89 MB
Total Pagefile: 32639.16 MB
Available Pagefile: 29597.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.51 GB) (Free:56.03 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:308.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: A4A3C237)
Partition 1: (Active) - (Size=283 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: FF700588)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:15 PM

Posted 07 January 2014 - 02:54 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Attached File  fixlist.txt   955bytes   6 downloads

 

 

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#15 LEAMIE22

LEAMIE22
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 07 January 2014 - 09:15 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-01-2014
Ran by Liam at 2014-01-08 13:15:11 Run:1
Running from C:\Users\Liam\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2013-12-21 22:14 - 2013-12-22 17:06 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Eguhiwex
2013-12-21 22:09 - 2013-12-22 17:06 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Anqiir
2013-12-21 22:08 - 2013-12-23 12:21 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Ylinad
2013-12-21 22:05 - 2013-12-21 22:05 - 00012326 _____ C:\Users\Liam\AppData\Local\xbbltgom
2013-12-21 22:04 - 2013-12-21 22:04 - 00067992 _____ C:\Users\Liam\AppData\Local\kdjsjlir
2013-12-22 17:06 - 2013-12-21 22:14 - 00000000 ____D C:\Users\Liam\AppData\Roaming\Eguhiwex
C:\Users\Liam\AppData\Local\Temp\ntdll_dump.dll
Task: {3AA0D704-B82B-4837-853F-FD9735FF97B7} - \Security Center Update - 1927749786 No Task File
HKCU\...\Run: [AdobeBridge] - [x]
MountPoints2: {a66a2fdc-6939-11e3-8b2d-bc5ff4b8d9ac} - G:\RunGame.exe
C:\TDSSKiller_Quarantine\22.12.2013_13.13.29\boot0000\boot0000\tsk0000.dta
C:\TDSSKiller_Quarantine\22.12.2013_13.13.29\boot0000\boot0000\tsk0000.dta

*****************

C:\Users\Liam\AppData\Roaming\Eguhiwex => Moved successfully.
C:\Users\Liam\AppData\Roaming\Anqiir => Moved successfully.
C:\Users\Liam\AppData\Roaming\Ylinad => Moved successfully.
C:\Users\Liam\AppData\Local\xbbltgom => Moved successfully.
C:\Users\Liam\AppData\Local\kdjsjlir => Moved successfully.
"C:\Users\Liam\AppData\Roaming\Eguhiwex" => File/Directory not found.
C:\Users\Liam\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AA0D704-B82B-4837-853F-FD9735FF97B7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AA0D704-B82B-4837-853F-FD9735FF97B7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 1927749786 => Key deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a66a2fdc-6939-11e3-8b2d-bc5ff4b8d9ac} => Key deleted successfully.
HKCR\CLSID\{a66a2fdc-6939-11e3-8b2d-bc5ff4b8d9ac} => Key not found.
C:\TDSSKiller_Quarantine\22.12.2013_13.13.29\boot0000\boot0000\tsk0000.dta => Moved successfully.
"C:\TDSSKiller_Quarantine\22.12.2013_13.13.29\boot0000\boot0000\tsk0000.dta" => File/Directory not found.

==== End of Fixlog ====






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users