
Trojan Agent Gen-Banker


  • This topic is locked
31 replies to this topic

#1 CasCollins


Posted 28 December 2013 - 07:33 PM

Found these on my computer today. Can anyone lend some insight into what they are? False positives hopefully? Do I need to change passwords and such? Is my computer still infected?

Attached Files


Edited by CasCollins, 28 December 2013 - 07:33 PM.




#2 CasCollins


Posted 28 December 2013 - 07:37 PM

DDS:
 

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba13.msn.com
uWindow Title = Internet Explorer provided by TOSHIBA
uDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://toshiba13.msn.com
mWindow Title = Internet Explorer provided by TOSHIBA
mDefault_Page_URL = hxxp://toshiba13.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
mRun: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
mRun: [1.TPUReg] "C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe"
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\6c0837df-bac4-4e57-a791-c9dab77c8ca1.exe /check
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A68301AD-6855-401C-82F8-09AF2A839457} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://toshiba13.msn.com
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wu\AppData\Roaming\Mozilla\Firefox\Profiles\a0shofwp.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Wu\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - ExtSQL: 2013-12-15 20:31; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\Wu\AppData\Roaming\Mozilla\Firefox\Profiles\a0shofwp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2013-10-29 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\Drivers\aswVmm.sys [2013-10-29 205320]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-3-11 652784]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2013-6-18 30496]
R0 THAccel;THAccel;C:\windows\System32\Drivers\THAccel.sys [2013-6-18 110976]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-10-29 1032416]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswsp.sys [2013-10-29 409832]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-10-29 38984]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-10-29 84328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-16 50344]
R2 dts_apo_service;DTS APO Service;C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2013-5-9 16720]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [2013-3-27 163168]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-6-18 131544]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-18 169432]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [2009-9-11 14344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2013-1-28 322400]
R3 AmUStor;AM USB Stroage Driver;C:\windows\System32\Drivers\AmUStor.sys [2013-4-24 109336]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2013-2-27 119528]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2013-6-18 1544704]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2013-5-20 33008]
R3 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2013-6-18 499096]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-5-6 442368]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-7-31 53864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S4 THAccelSvc;TOSHIBA HDD Accelerator Service;C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [2013-3-26 216976]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-14 15:01:12 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-14 15:01:10 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-12 02:19:47 420864 ----a-w- C:\windows\System32\WMPhoto.dll
2013-12-12 02:19:47 368640 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-12-12 02:19:45 312320 ----a-w- C:\windows\System32\msieftp.dll
2013-12-12 02:19:45 273408 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-12-12 01:31:54 62976 ----a-w- C:\windows\System32\imagehlp.dll
2013-12-09 03:33:30 -------- d-----w- C:\Users\Wu\AppData\Local\Apple Computer
2013-12-09 03:33:25 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2013-12-09 03:32:56 -------- d-----w- C:\Program Files\iPod
2013-12-09 03:32:50 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-09 03:32:50 -------- d-----w- C:\Program Files\iTunes
2013-12-09 03:32:50 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-09 03:32:31 -------- d-----w- C:\Users\Wu\AppData\Local\Apple
2013-12-09 03:32:05 -------- d-----w- C:\Program Files\Bonjour
2013-12-09 03:32:05 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M  ====================
.
2013-12-04 00:53:54 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53:54 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-16 15:07:17 84328 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-11-16 15:07:17 1032416 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-11-16 15:07:16 43152 ----a-w- C:\windows\avastSS.scr
2013-11-06 23:18:57 4036608 ----a-w- C:\windows\System32\win32k.sys
2013-10-29 23:29:50 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-10-29 23:29:50 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-10-29 23:29:50 205320 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-10-25 06:19:22 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-25 06:19:12 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-19 04:04:07 59392 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-10-10 11:53:35 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2013-10-10 09:32:09 115712 ----a-w- C:\windows\SysWow64\cscript.exe
2013-10-10 09:30:50 162304 ----a-w- C:\windows\SysWow64\scrobj.dll
2013-10-10 09:30:50 156160 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-10-10 09:24:02 143872 ----a-w- C:\windows\System32\wshom.ocx
2013-10-10 09:23:41 146944 ----a-w- C:\windows\System32\cscript.exe
2013-10-10 09:22:46 222720 ----a-w- C:\windows\System32\scrobj.dll
2013-10-10 09:22:46 194048 ----a-w- C:\windows\System32\scrrun.dll
2013-10-10 09:21:20 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\windows\System32\BFE.DLL
2013-10-08 22:30:32 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-10-08 22:30:17 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-10-08 22:30:17 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-10-08 22:27:56 99328 ----a-w- C:\windows\System32\wudriver.dll
2013-10-08 22:27:56 252928 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56 1622016 ----a-w- C:\windows\System32\wucltux.dll
2013-10-08 22:27:56 142848 ----a-w- C:\windows\System32\wuwebv.dll
2013-10-08 22:27:45 175104 ----a-w- C:\windows\System32\storewuauth.dll
2013-10-05 06:10:20 285016 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-10-02 23:25:41 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-10-02 02:50:07 447320 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-10-01 23:37:57 1569280 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-10-01 23:37:53 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-10-01 23:26:49 1890816 ----a-w- C:\windows\System32\crypt32.dll
2013-10-01 23:26:45 2304512 ----a-w- C:\windows\System32\authui.dll
2013-10-01 22:22:19 1022976 ----a-w- C:\windows\SysWow64\gdi32.dll
.
============= FINISH: 19:35:56.12 ===============


Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/23/2013 2:40:17 PM
System Uptime: 12/16/2013 5:16:47 PM (290 hours ago)
.
Motherboard: TOSHIBA |  | VG10S
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz | SOCKET 0 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 863.019 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: USB Video Device
Device ID: USB\VID_04CA&PID_7017&MI_00\6&3560C50D&0&0000
Manufacturer: Microsoft
Name: TOSHIBA Web Camera - HD
PNP Device ID: USB\VID_04CA&PID_7017&MI_00\6&3560C50D&0&0000
Service: usbvideo
.
==== System Restore Points ===================
.
RP20: 12/8/2013 8:04:49 PM - Scheduled Checkpoint
RP21: 12/13/2013 8:32:00 PM - Windows Update
RP22: 12/21/2013 10:31:06 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.05)
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bejeweled 3
Bonjour
CCleaner
Chuzzle Deluxe
Classic Shell
Cross Fire En
DragonNest
DTS Studio Sound
Elementals - The Magic Key
Google Chrome
Google Update Helper
HP Deskjet 3000 J310 series Basic Device Software
IDT Audio Driver
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
iTunes
King Oddball
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser (KB2758694)
Nexon Game Manager
NVIDIA Control Panel 311.41
NVIDIA Graphics Driver 311.41
NVIDIA Install Application
NVIDIA Optimus 1.11.3
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update Components
Origin
Pando Media Booster
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
RaidCall
Realtek WLAN Driver
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Audio Enhancement
Toshiba Book Place
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Function Key
TOSHIBA HDD Accelerator
TOSHIBA Password Utility
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
Toshiba Start
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBA VIDEO PLAYER
TOSHIBARegistration
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Toshiba Games)
WinPatrol
Wonderland Solitaire
.
==== End Of File ===========================
 

 



#3 HelpBot


Posted 03 January 2014 - 07:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518899 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 CasCollins


Posted 03 January 2014 - 09:43 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Wu at 9:41:11 on 2014-01-03
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.12200.8413 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\System32\LogonUI.exe
C:\windows\System32\dwm.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\windows\System32\LogonUI.exe
C:\windows\System32\dwm.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\System32\LogonUI.exe
C:\windows\System32\dwm.exe
C:\windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\wwahost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://toshiba13.msn.com
uWindow Title = Internet Explorer provided by TOSHIBA
uDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://toshiba13.msn.com
mWindow Title = Internet Explorer provided by TOSHIBA
mDefault_Page_URL = hxxp://toshiba13.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
mRun: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
mRun: [1.TPUReg] "C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe"
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A68301AD-6855-401C-82F8-09AF2A839457} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://toshiba13.msn.com
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wu\AppData\Roaming\Mozilla\Firefox\Profiles\a0shofwp.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Wu\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - ExtSQL: 2013-12-15 20:31; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\Wu\AppData\Roaming\Mozilla\Firefox\Profiles\a0shofwp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2013-10-29 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\Drivers\aswVmm.sys [2013-10-29 205320]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-3-11 652784]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2013-6-18 30496]
R0 THAccel;THAccel;C:\windows\System32\Drivers\THAccel.sys [2013-6-18 110976]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswSnx.sys [2013-10-29 1032416]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswsp.sys [2013-10-29 409832]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\Drivers\aswFsBlk.sys [2013-10-29 38984]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-10-29 84328]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-16 50344]
R2 dts_apo_service;DTS APO Service;C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2013-5-9 16720]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [2013-3-27 163168]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-6-18 131544]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-6-18 169432]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [2009-9-11 14344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2013-1-28 322400]
R3 AmUStor;AM USB Stroage Driver;C:\windows\System32\Drivers\AmUStor.sys [2013-4-24 109336]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2013-2-27 119528]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\Drivers\rtwlane.sys [2013-6-18 1544704]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2013-5-20 33008]
R3 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2013-6-18 499096]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-5-6 442368]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-7-31 53864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S4 THAccelSvc;TOSHIBA HDD Accelerator Service;C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [2013-3-26 216976]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-12-31 17:04:32 -------- d-----w- C:\Program Files (x86)\ESET
2013-12-14 15:01:12 23350272 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-14 15:01:10 22615040 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-12 02:19:47 420864 ----a-w- C:\windows\System32\WMPhoto.dll
2013-12-12 02:19:47 368640 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-12-12 02:19:45 312320 ----a-w- C:\windows\System32\msieftp.dll
2013-12-12 02:19:45 273408 ----a-w- C:\windows\SysWow64\msieftp.dll
2013-12-12 01:31:54 62976 ----a-w- C:\windows\System32\imagehlp.dll
2013-12-09 03:33:30 -------- d-----w- C:\Users\Wu\AppData\Local\Apple Computer
2013-12-09 03:33:25 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2013-12-09 03:32:56 -------- d-----w- C:\Program Files\iPod
2013-12-09 03:32:50 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-09 03:32:50 -------- d-----w- C:\Program Files\iTunes
2013-12-09 03:32:50 -------- d-----w- C:\Program Files (x86)\iTunes
2013-12-09 03:32:31 -------- d-----w- C:\Users\Wu\AppData\Local\Apple
2013-12-09 03:32:05 -------- d-----w- C:\Program Files\Bonjour
2013-12-09 03:32:05 -------- d-----w- C:\Program Files (x86)\Bonjour
.
==================== Find3M  ====================
.
2013-12-04 00:53:54 78304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53:54 694240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-16 15:07:17 84328 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-11-16 15:07:17 1032416 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-11-16 15:07:16 43152 ----a-w- C:\windows\avastSS.scr
2013-11-06 23:18:57 4036608 ----a-w- C:\windows\System32\win32k.sys
2013-10-29 23:29:50 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-10-29 23:29:50 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-10-29 23:29:50 205320 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-10-25 06:19:22 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-10-25 06:19:12 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-10-19 04:04:07 59392 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-10-10 11:53:35 96600 ----a-w- C:\windows\System32\drivers\wfplwfs.sys
2013-10-10 09:32:09 115712 ----a-w- C:\windows\SysWow64\cscript.exe
2013-10-10 09:30:50 162304 ----a-w- C:\windows\SysWow64\scrobj.dll
2013-10-10 09:30:50 156160 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-10-10 09:24:02 143872 ----a-w- C:\windows\System32\wshom.ocx
2013-10-10 09:23:41 146944 ----a-w- C:\windows\System32\cscript.exe
2013-10-10 09:22:46 222720 ----a-w- C:\windows\System32\scrobj.dll
2013-10-10 09:22:46 194048 ----a-w- C:\windows\System32\scrrun.dll
2013-10-10 09:21:20 1160192 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\windows\System32\BFE.DLL
2013-10-08 22:30:32 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-10-08 22:30:17 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-10-08 22:30:17 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-10-08 22:28:11 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-10-08 22:27:56 99328 ----a-w- C:\windows\System32\wudriver.dll
2013-10-08 22:27:56 252928 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2013-10-08 22:27:56 1622016 ----a-w- C:\windows\System32\wucltux.dll
2013-10-08 22:27:56 142848 ----a-w- C:\windows\System32\wuwebv.dll
2013-10-08 22:27:45 175104 ----a-w- C:\windows\System32\storewuauth.dll
.
============= FINISH:  9:41:35.16 ===============


I do not know if I still have my CD


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:10 AM

Posted 03 January 2014 - 10:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
==============

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#6 CasCollins

Posted 03 January 2014 - 10:19 AM

Hello Nasdaq! Thank you for helping me out. Here is the RogueKiller report. Working on the others now.

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Wu [Admin rights]
Mode : Remove -- Date : 01/03/2014 10:17:43
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) HGST HTS541010A9E680 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )
 
Finished : << RKreport[0]_D_01032014_101743.txt >>
RKreport[0]_S_01032014_101634.txt


#7 CasCollins

Posted 03 January 2014 - 10:30 AM

Here is the ADWCleaner report: I kept my browser preferences.
 

# AdwCleaner v3.016 - Report created 03/01/2014 at 10:19:21
# Updated 23/12/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Wu - Name
# Running from : C:\Users\Wu\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\Wu\AppData\Roaming\Mozilla\Firefox\Profiles\a0shofwp.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.41
 
[ File : C:\Users\Wu\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1291 octets] - [31/08/2013 18:27:50]
AdwCleaner[R1].txt - [1581 octets] - [16/12/2013 17:14:52]
AdwCleaner[R2].txt - [1097 octets] - [28/12/2013 20:37:49]
AdwCleaner[R3].txt - [898 octets] - [03/01/2014 10:19:21]
AdwCleaner[S0].txt - [1256 octets] - [31/08/2013 18:28:27]
AdwCleaner[S1].txt - [1563 octets] - [16/12/2013 17:15:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1077 octets] ##########

Here is the JRT log: I denied a registry backup by accident. Can perform a new scan if you need it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 8 x64
Ran by Wu on Fri 01/03/2014 at 10:21:57.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/03/2014 at 10:26:00.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by CasCollins, 04 January 2014 - 10:26 AM.


#8 CasCollins

Posted 03 January 2014 - 10:35 AM

After the restart, computer and a folder with my user account name appeared on the desktop.

Here is the SecurityCheck:
 

 Results of screen317's Security Check version 0.99.78  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Reader XI  
 Mozilla Firefox 25.0.1 Firefox out of Date!  
 Google Chrome 31.0.1650.57  
 Google Chrome 32.0.1700.41  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#9 nasdaq

Posted 03 January 2014 - 11:29 AM

"After the restart, computer and a folder with my user account name appeared on the desktop."

Can you open the folder and find out what it contains?

#10 CasCollins

Posted 03 January 2014 - 12:25 PM

.swt, contacts, desktop, downloads, favorites, links, my documents, my music, my pictures, my videos, saved games, search. > All of them are folders themselves.



#11 nasdaq

Posted 03 January 2014 - 01:44 PM

Delete the downloads and keep it in the Recycle bin.

Restart the computer normally.

Find out if your downloads folder in its normal location is still around.

Keep me posted.

#12 CasCollins

Posted 03 January 2014 - 02:14 PM

I deleted the downloads folder and a new one appeared in the folder(username). After restarting there is no downloads folder in the folder(username). I tried to access this folder through the side bar of computer and it gave me an error message.



#13 nasdaq

Posted 04 January 2014 - 07:37 AM

Run the tool and post the log for my review.

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#14 CasCollins

Posted 04 January 2014 - 10:25 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Wu (administrator) on Name on 04-01-2014 10:18:53
Running from C:\Users\Wu\Documents\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] - [x]
HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA Corporation)
HKLM-x32\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-19] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] - C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-16] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [436800 2013-07-15] (BillP Studios)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [4287536 2013-08-12] ()
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [6563096 2013-12-21] (SUPERAntiSpyware)
HKU\Default\...\Run: [Pokki] - "%LOCALAPPDATA%\Pokki\Engine\pokki.exe"
HKU\Default User\...\Run: [Pokki] - "%LOCALAPPDATA%\Pokki\Engine\pokki.exe"
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [245872 2013-03-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll [201576 2013-03-07] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {CE1804D7-FCB5-4621-9BC3-D7F939EDC56D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM - {CE1804D7-FCB5-4621-9BC3-D7F939EDC56D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKLM-x32 - {CE1804D7-FCB5-4621-9BC3-D7F939EDC56D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATBJS
SearchScopes: HKCU - {CE1804D7-FCB5-4621-9BC3-D7F939EDC56D} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Wu\AppData\Roaming\Mozilla\Firefox\Profiles\a0shofwp.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Wu\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Extension: WOT - C:\Users\Wu\AppData\Roaming\Mozilla\Firefox\Profiles\a0shofwp.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR Extension: (WOT) - C:\Users\Wu\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.5_0
CHR Extension: (Adblock Plus) - C:\Users\Wu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0
CHR Extension: (avast! Online Security) - C:\Users\Wu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\Wu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-16] (AVAST Software)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-11-16] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-11-16] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-29] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-11-16] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-11-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-29] ()
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1544704 2013-03-12] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-02] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
S3 X6va013; \??\C:\windows\SysWOW64\Drivers\X6va013 [x]
S3 X6va014; \??\C:\windows\SysWOW64\Drivers\X6va014 [x]
S3 X6va015; \??\C:\windows\SysWOW64\Drivers\X6va015 [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-04 10:18 - 2014-01-04 10:18 - 00000000 ____D C:\FRST
2014-01-03 10:16 - 2014-01-03 10:16 - 02233688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00623104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00546304 _____ (IDT, Inc.) C:\windows\system32\Drivers\stwrt64.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00499096 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\tos_sps64.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00495336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00474864 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00416768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00378608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgrx.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00332520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00322800 _____ (VIA Corporation) C:\windows\system32\Drivers\VSTXRAID.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00164080 _____ (VIA Technologies Inc.,Ltd) C:\windows\system32\Drivers\vsmraid.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00137832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vmbus.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00123632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tm.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00119040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00110976 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\THAccel.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00106224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\VerifierExt.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00097008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\uaspstor.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00086632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vmbkmcl.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00083184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgr.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00077544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storahci.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00067824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpci.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00066800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00065776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UAGP35.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwififlt.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00062568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\winhv.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\SpbCx.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00054784 _____ (Apple, Inc.) C:\windows\system32\Drivers\usbaapl64.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\umbus.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\watchdog.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00045160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vmstorfl.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wpcfltr.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00037992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storvsc.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00036592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\terminpt.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00036080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vdrvroot.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00033520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wimmount.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00033024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00033008 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\Smb_driver_Intel.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00032832 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\TVALZ_O.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbrpm.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00031184 _____ (TOSHIBA Corporation.) C:\windows\system32\Drivers\tdcmdpst.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00030960 _____ (Promise Technology, Inc.) C:\windows\system32\Drivers\stexstor.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdi.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tape.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00028632 _____ (Windows ® Win 7 DDK provider) C:\windows\system32\Drivers\Thotkey.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00027008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wacompen.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00023792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wd.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00023280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WppRecorder.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00022144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\VMBusHID.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00021504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WSDPrint.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00020720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tbs.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\smclib.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WpdUpFltr.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00019184 _____ (VIA Technologies, Inc.) C:\windows\system32\Drivers\viaide.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifimp.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00017648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wmilib.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wmiacpi.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00013680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\swenum.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vmgencounter.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\umpass.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vms3cap.sys.bak
2014-01-03 10:15 - 2014-01-03 10:16 - 00081648 _____ (Silicon Integrated Systems) C:\windows\system32\Drivers\sisraid4.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 11070752 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 04431840 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 03265256 _____ (Broadcom Corporation) C:\windows\system32\Drivers\evbda.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 01933544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 01544704 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtwlane.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 01225832 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8192se.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00861184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00805376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00652784 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorA.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00626792 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl819xp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00458384 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8187B.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00450664 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8187Se.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00442368 _____ (Intel® Corporation) C:\windows\system32\Drivers\IntcDAud.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00441576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00411888 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorV.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00411880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00390896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00374512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fltMgr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00353008 _____ (LSI Corporation, Inc.) C:\windows\system32\Drivers\MegaSR.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00331776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00303848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00279552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00277736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00237808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pcmcia.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00234224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00217328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdyboost.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00210672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00195416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00194560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpdr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndiswan.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00172784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\scsiport.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00172264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00168176 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvstor.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00150256 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvraid.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ipnat.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pacer.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\luafv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NdisImPlatform.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00125784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00125168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00124928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasl2tp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\irda.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00119528 _____ (Qualcomm Atheros Co., Ltd.) C:\windows\system32\Drivers\L1C63x64.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00116976 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\raspptp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00113904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\EhStorTcgDrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\i8042prt.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00108784 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_sas.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00107760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sbp2port.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\parport.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00102640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00100072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Ndu.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00093936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rassstp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00092400 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00091880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\partmgr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00083696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mup.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\raspppoe.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00081136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\EhStorClass.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00081136 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_sss.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00078848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rspndr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\serial.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00071920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fileinfo.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00069864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00068608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mslldp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00066800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00064752 _____ (Hewlett-Packard Company) C:\windows\system32\Drivers\HpSAMD.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00064624 _____ (Intel Corporation) C:\windows\system32\Drivers\HECIx64.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00064240 _____ (Marvell Semiconductor, Inc.) C:\windows\system32\Drivers\mvumis.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\SerCx.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00062488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpfve.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\lltdio.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndisuio.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00057584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fsdepends.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00056552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdstor.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00052464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pcw.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00052464 _____ (IBM Corporation) C:\windows\system32\Drivers\nfrd960.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00051952 _____ (LSI Corporation) C:\windows\system32\Drivers\megasas.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\discache.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00049904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pciidex.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npfs.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00048368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdclass.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\qwavedrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndiscap.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbios.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidir.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00045808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouclass.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00045296 _____ (Intel Corp./ICP vortex GmbH) C:\windows\system32\Drivers\iirsp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00044784 _____ (Silicon Integrated Systems Corp.) C:\windows\system32\Drivers\sisraid2.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\modem.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidi2c.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00037616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mssmbios.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\scfilter.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00036592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\CompositeBus.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\filetrace.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nsiproxy.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00034032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Dumpata.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\condrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dmvsc.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\monitor.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fdc.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00030496 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdhid.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00028904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpiowin32.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00027880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sermouse.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbatt.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msfs.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00025328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fs_rec.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndistapi.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00024816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hwpolicy.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HyperVideo.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\flpydisk.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npsvctrig.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\serenum.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\windows\system32\Drivers\secdrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpbus.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fxppm.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00022256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\isapnp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mcd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00021376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksthunk.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00018672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelide.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kdnic.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\irenum.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00017136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msisadrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sfloppy.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasacd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Dmpusbstor.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\MTConfig.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00014064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pciide.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rootmdm.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hyperkbd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00011008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mskssrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mshidumdf.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\errdev.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mstee.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mspclock.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00006912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mspqm.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\null.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys.bak
2014-01-03 10:14 - 2014-01-03 10:15 - 00562392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00533224 _____ (Broadcom Corporation) C:\windows\system32\Drivers\bxvbda.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00492272 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adp94xx.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00425192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpi.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00361200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00340720 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adpahci.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00327512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00258288 _____ (AMD Technologies Inc.) C:\windows\system32\Drivers\amdsbs.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\1394ohci.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00190704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00184048 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adpu320.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdrom.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bridge.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00109336 _____ (Alcor Micro, Corp.) C:\windows\system32\Drivers\AmUStor.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdfs.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00108272 _____ (PMC-Sierra, Inc.) C:\windows\system32\Drivers\arcsas.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00106736 _____ (LSI) C:\windows\system32\Drivers\3ware.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00104688 _____ (PMC-Sierra, Inc.) C:\windows\system32\Drivers\arc.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00101888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00077040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpiex.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00076016 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdsata.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00068608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthmodem.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00063216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\AGP440.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthhfenum.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BasicDisplay.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\circlass.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00033512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\battc.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00029952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthhfHid.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BasicRender.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\asyncmac.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00026352 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdxata.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00025840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\atapi.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\CmBatt.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BtaMPM.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpipmi.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpitime.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpipagr.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00007680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\beep.sys.bak
2014-01-03 10:13 - 2014-01-03 10:18 - 00000000 ____D C:\Users\Wu\Desktop\RK_Quarantine
2013-12-17 23:21 - 2013-12-17 23:21 - 01874432 _____ C:\Users\Wu\Desktop\Parietal Lobe PPT.ppt
2013-12-16 17:16 - 2013-12-16 17:16 - 00422944 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-15 23:07 - 2013-12-16 01:02 - 01275222 _____ C:\Users\Wu\Desktop\Parietal Lobe PPT.pptx
2013-12-15 15:50 - 2013-12-15 15:50 - 00000833 _____ C:\Users\Wu\Desktop\CCleaner.lnk
2013-12-15 15:42 - 2013-12-16 18:47 - 00000000 ____D C:\Users\Wu\Desktop\English
2013-12-15 15:42 - 2013-12-15 20:24 - 00000000 ____D C:\Users\Wu\Desktop\College things
2013-12-11 21:19 - 2013-11-23 01:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-11 21:19 - 2013-11-23 00:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-11 21:19 - 2013-11-01 00:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-11 21:19 - 2013-10-31 22:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-11 20:33 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-11 20:33 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-11 20:33 - 2013-10-25 01:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-12-11 20:33 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-11 20:33 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-11 20:33 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-11 20:33 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-11 20:33 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-11 20:33 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-11 20:33 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-11 20:33 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-11 20:33 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-11 20:33 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-11 20:33 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-11 20:33 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-11 20:33 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-11 20:33 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-11 20:33 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-11 20:31 - 2013-11-06 18:18 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-11 20:31 - 2013-10-19 00:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-11 20:31 - 2013-10-18 23:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-11 20:31 - 2013-10-10 04:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-11 20:31 - 2013-10-10 04:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2013-12-11 20:31 - 2013-10-10 04:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-11 20:31 - 2013-10-10 04:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-11 20:31 - 2013-10-10 04:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-11 20:31 - 2013-10-10 04:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2013-12-11 20:31 - 2013-10-10 04:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-11 20:31 - 2013-10-08 20:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-12-11 20:31 - 2013-10-08 17:30 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-12-11 20:31 - 2013-10-08 17:30 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-12-11 20:31 - 2013-10-08 17:30 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-12-11 20:31 - 2013-10-08 17:30 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-12-11 20:31 - 2013-10-08 17:28 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-12-11 20:31 - 2013-10-08 17:27 - 03279872 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-12-11 20:31 - 2013-10-08 17:27 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-12-11 20:31 - 2013-10-08 17:27 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-12-11 20:31 - 2013-10-08 17:27 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-12-11 20:31 - 2013-10-08 17:27 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-12-11 20:31 - 2013-10-08 17:27 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-12-11 20:31 - 2013-10-08 17:27 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-12-11 20:31 - 2013-10-05 01:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2013-12-11 20:31 - 2013-10-03 17:09 - 00385528 _____ C:\windows\system32\ApnDatabase.xml
2013-12-11 20:31 - 2013-10-01 21:50 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2013-12-11 20:31 - 2013-09-28 00:48 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2013-12-11 20:31 - 2013-09-27 22:58 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2013-12-11 20:31 - 2013-09-27 22:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-11 20:31 - 2013-09-19 02:32 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-12-11 20:31 - 2013-08-30 00:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2013-12-11 20:31 - 2013-08-30 00:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2013-12-11 20:31 - 2013-08-29 18:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2013-12-11 20:31 - 2013-08-29 18:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2013-12-08 22:33 - 2013-12-14 13:20 - 00000000 ____D C:\Users\Wu\AppData\Roaming\Apple Computer
2013-12-08 22:33 - 2013-12-08 22:33 - 00001794 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-08 22:33 - 2013-12-08 22:33 - 00000000 ____D C:\Users\Wu\AppData\Local\Apple Computer
2013-12-08 22:33 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys
2013-12-08 22:32 - 2013-12-08 22:33 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-08 22:32 - 2013-12-08 22:33 - 00000000 ____D C:\Program Files\iTunes
2013-12-08 22:32 - 2013-12-08 22:33 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Users\Wu\AppData\Local\Apple
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files\iPod
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files\Bonjour
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-08 22:31 - 2013-12-08 22:32 - 00000000 ____D C:\ProgramData\Apple
 
==================== One Month Modified Files and Folders =======
 
2014-01-04 10:19 - 2013-08-12 09:11 - 00000000 ____D C:\Users\Wu\AppData\Local\PMB Files
2014-01-04 10:18 - 2014-01-04 10:18 - 00000000 ____D C:\FRST
2014-01-04 10:12 - 2013-06-18 05:13 - 01097596 _____ C:\windows\WindowsUpdate.log
2014-01-04 10:10 - 2013-07-23 13:45 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-04 10:10 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2014-01-03 21:49 - 2013-07-23 13:46 - 00000900 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-03 18:58 - 2013-07-23 17:10 - 00000000 ____D C:\Users\Wu\Documents\DragonNest
2014-01-03 18:11 - 2013-10-18 16:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-03 18:11 - 2013-10-18 16:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-03 14:16 - 2012-07-26 02:28 - 00848230 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-03 14:12 - 2013-07-23 15:54 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2014-01-03 14:11 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-03 14:09 - 2013-07-23 13:40 - 00000000 ____D C:\Users\Wu
2014-01-03 10:30 - 2013-05-05 23:27 - 01676048 _____ C:\windows\PFRO.log
2014-01-03 10:30 - 2012-07-26 00:26 - 00262144 ___SH C:\windows\system32\config\BBI
2014-01-03 10:28 - 2013-08-31 18:27 - 00000000 ____D C:\AdwCleaner
2014-01-03 10:18 - 2014-01-03 10:13 - 00000000 ____D C:\Users\Wu\Desktop\RK_Quarantine
2014-01-03 10:16 - 2014-01-03 10:16 - 02233688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00623104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00546304 _____ (IDT, Inc.) C:\windows\system32\Drivers\stwrt64.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00499096 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\tos_sps64.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00495336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00474864 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00416768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00378608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgrx.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00332520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00322800 _____ (VIA Corporation) C:\windows\system32\Drivers\VSTXRAID.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00164080 _____ (VIA Technologies Inc.,Ltd) C:\windows\system32\Drivers\vsmraid.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00149504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tunnel.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00137832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vmbus.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00123632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tm.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00119040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00110976 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\THAccel.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00106224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\VerifierExt.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00097008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\uaspstor.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00086632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vmbkmcl.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00083184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgr.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00077544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storahci.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00067824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vpci.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00066800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00065776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UAGP35.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwififlt.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00062568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\winhv.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\SpbCx.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00054784 _____ (Apple, Inc.) C:\windows\system32\Drivers\usbaapl64.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\Drivers\umbus.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\Drivers\watchdog.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00045160 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vmstorfl.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wpcfltr.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpipreg.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00037992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storvsc.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00036592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\terminpt.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00036080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vdrvroot.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00033520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wimmount.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00033024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00033008 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\Smb_driver_Intel.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00032832 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\TVALZ_O.SYS.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00031744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbrpm.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00031184 _____ (TOSHIBA Corporation.) C:\windows\system32\Drivers\tdcmdpst.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00030960 _____ (Promise Technology, Inc.) C:\windows\system32\Drivers\stexstor.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdi.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tape.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00028632 _____ (Windows ® Win 7 DDK provider) C:\windows\system32\Drivers\Thotkey.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00027008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wacompen.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00023792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wd.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00023280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WppRecorder.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00022144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\VMBusHID.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00021504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WSDPrint.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00020720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tbs.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\smclib.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00019968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WpdUpFltr.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00019184 _____ (VIA Technologies, Inc.) C:\windows\system32\Drivers\viaide.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vwifimp.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00017648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wmilib.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wmiacpi.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00013680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\swenum.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vmgencounter.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\umpass.sys.bak
2014-01-03 10:16 - 2014-01-03 10:16 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vms3cap.sys.bak
2014-01-03 10:16 - 2014-01-03 10:15 - 00081648 _____ (Silicon Integrated Systems) C:\windows\system32\Drivers\sisraid4.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 11070752 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 04431840 _____ (Intel Corporation) C:\windows\system32\Drivers\igdkmd64.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 03265256 _____ (Broadcom Corporation) C:\windows\system32\Drivers\evbda.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 01933544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 01544704 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtwlane.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 01225832 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8192se.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00861184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00805376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00652784 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorA.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00626792 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl819xp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00458384 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8187B.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00450664 _____ (Realtek Semiconductor Corporation                           ) C:\windows\system32\Drivers\rtl8187Se.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00442368 _____ (Intel® Corporation) C:\windows\system32\Drivers\IntcDAud.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00441576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nwifi.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00411888 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorV.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00411880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00390896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msrpc.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00374512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fltMgr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00353008 _____ (LSI Corporation, Inc.) C:\windows\system32\Drivers\MegaSR.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00331776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00303848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00279552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00277736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00237808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pcmcia.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00234224 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pci.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00217328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdyboost.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00210672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fastfat.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00208384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00195416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00194560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\exfat.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpdr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndiswan.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00172784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\scsiport.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00172264 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00168176 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvstor.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00150256 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvraid.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00145920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ipnat.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pacer.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00134144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\luafv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NdisImPlatform.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00125784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00125168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00124928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasl2tp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00121856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\irda.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00119528 _____ (Qualcomm Atheros Co., Ltd.) C:\windows\system32\Drivers\L1C63x64.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00116976 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00114176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\raspptp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00113904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\EhStorTcgDrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\i8042prt.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00108784 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_sas.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00107760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sbp2port.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\parport.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00102640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00100072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Ndu.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00093936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00092672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rassstp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00092400 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00091880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\partmgr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00083696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mup.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\raspppoe.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00081136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\EhStorClass.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00081136 _____ (LSI Corporation) C:\windows\system32\Drivers\lsi_sss.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00078848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rspndr.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\serial.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00071920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fileinfo.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00069864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00068608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mslldp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00066800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00064752 _____ (Hewlett-Packard Company) C:\windows\system32\Drivers\HpSAMD.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00064624 _____ (Intel Corporation) C:\windows\system32\Drivers\HECIx64.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00064240 _____ (Marvell Semiconductor, Inc.) C:\windows\system32\Drivers\mvumis.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\SerCx.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00062488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpfve.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\lltdio.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndisuio.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00057584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fsdepends.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00056552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdstor.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00052464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pcw.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00052464 _____ (IBM Corporation) C:\windows\system32\Drivers\nfrd960.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00051952 _____ (LSI Corporation) C:\windows\system32\Drivers\megasas.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\discache.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00049904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pciidex.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npfs.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00048368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdclass.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\qwavedrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00046592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndiscap.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbios.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidir.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00045808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouclass.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00045296 _____ (Intel Corp./ICP vortex GmbH) C:\windows\system32\Drivers\iirsp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00044784 _____ (Silicon Integrated Systems Corp.) C:\windows\system32\Drivers\sisraid2.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\modem.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidi2c.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00037616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mssmbios.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\scfilter.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00036592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\CompositeBus.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\filetrace.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\nsiproxy.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00034032 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Dumpata.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\condrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dmvsc.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00033240 _____ (GEAR Software Inc.) C:\windows\system32\Drivers\GEARAspiWDM.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\RNDISMP.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\monitor.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fdc.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00030496 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kbdhid.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00028904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpiowin32.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00027880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sermouse.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbatt.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msfs.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00025328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fs_rec.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndistapi.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00024816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hwpolicy.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HyperVideo.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\flpydisk.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\npsvctrig.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\serenum.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\windows\system32\Drivers\secdrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpbus.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fxppm.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00022256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\isapnp.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mcd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00021376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksthunk.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00018672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelide.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\kdnic.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\irenum.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00017136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msisadrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sfloppy.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rasacd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Dmpusbstor.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\MTConfig.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00014064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pciide.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rootmdm.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hyperkbd.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00011008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mskssrv.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mshidumdf.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\errdev.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mstee.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mspclock.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00006912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mspqm.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\null.sys.bak
2014-01-03 10:15 - 2014-01-03 10:15 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys.bak
2014-01-03 10:15 - 2014-01-03 10:14 - 00562392 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00533224 _____ (Broadcom Corporation) C:\windows\system32\Drivers\bxvbda.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00492272 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adp94xx.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00425192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpi.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00361200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\clfs.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00340720 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adpahci.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00327512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00258288 _____ (AMD Technologies Inc.) C:\windows\system32\Drivers\amdsbs.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00226304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\1394ohci.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00190704 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00184048 _____ (Adaptec, Inc.) C:\windows\system32\Drivers\adpu320.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdrom.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bridge.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00109336 _____ (Alcor Micro, Corp.) C:\windows\system32\Drivers\AmUStor.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00108544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cdfs.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00108272 _____ (PMC-Sierra, Inc.) C:\windows\system32\Drivers\arcsas.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00106736 _____ (LSI) C:\windows\system32\Drivers\3ware.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00104688 _____ (PMC-Sierra, Inc.) C:\windows\system32\Drivers\arc.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00101888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00077040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpiex.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00076016 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdsata.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00068608 _____ (Microsoft Corporation) C:\windows\system32\Drivers\agilevpn.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthmodem.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00063216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\AGP440.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthhfenum.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BasicDisplay.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\circlass.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00033512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\battc.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00029952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthhfHid.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BasicRender.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\asyncmac.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00026352 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdxata.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00025840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\atapi.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\CmBatt.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BtaMPM.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpipmi.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpitime.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\acpipagr.sys.bak
2014-01-03 10:14 - 2014-01-03 10:14 - 00007680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\beep.sys.bak
2013-12-30 21:13 - 2013-09-16 19:34 - 00000000 ____D C:\Users\Wu\AppData\Local\Mozilla
2013-12-28 19:31 - 2013-08-20 18:11 - 00174080 ___SH C:\Users\Wu\Desktop\Thumbs.db
2013-12-25 20:11 - 2012-07-26 03:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-12-21 09:24 - 2013-07-23 17:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-17 23:21 - 2013-12-17 23:21 - 01874432 _____ C:\Users\Wu\Desktop\Parietal Lobe PPT.ppt
2013-12-16 18:47 - 2013-12-15 15:42 - 00000000 ____D C:\Users\Wu\Desktop\English
2013-12-16 17:16 - 2013-12-16 17:16 - 00422944 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-16 01:02 - 2013-12-15 23:07 - 01275222 _____ C:\Users\Wu\Desktop\Parietal Lobe PPT.pptx
2013-12-15 20:24 - 2013-12-15 15:42 - 00000000 ____D C:\Users\Wu\Desktop\College things
2013-12-15 15:50 - 2013-12-15 15:50 - 00000833 _____ C:\Users\Wu\Desktop\CCleaner.lnk
2013-12-15 15:50 - 2013-07-23 17:09 - 00000000 ____D C:\Program Files\CCleaner
2013-12-15 14:15 - 2012-07-26 03:12 - 00000000 ____D C:\windows\rescache
2013-12-14 22:16 - 2013-07-23 14:21 - 00000000 ____D C:\windows\system32\MRT
2013-12-14 22:15 - 2013-07-23 14:21 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-14 22:14 - 2013-07-23 13:55 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1641870597-3615027220-1899006753-1002
2013-12-14 13:20 - 2013-12-08 22:33 - 00000000 ____D C:\Users\Wu\AppData\Roaming\Apple Computer
2013-12-13 22:37 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\SecureBootUpdates
2013-12-13 20:32 - 2012-07-26 00:38 - 00000000 ____D C:\windows\system32\oobe
2013-12-08 22:33 - 2013-12-08 22:33 - 00001794 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-12-08 22:33 - 2013-12-08 22:33 - 00000000 ____D C:\Users\Wu\AppData\Local\Apple Computer
2013-12-08 22:33 - 2013-12-08 22:32 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-08 22:33 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files\iTunes
2013-12-08 22:33 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Users\Wu\AppData\Local\Apple
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\ProgramData\Apple Computer
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files\iPod
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files\Bonjour
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-08 22:32 - 2013-12-08 22:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-08 22:32 - 2013-12-08 22:31 - 00000000 ____D C:\ProgramData\Apple
2013-12-06 21:44 - 2013-07-23 13:46 - 00003872 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-06 21:44 - 2013-07-23 13:45 - 00003636 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some content of TEMP:
====================
C:\Users\Wu\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-28 15:02
 
==================== End Of Log ============================


#15 nasdaq

Malware Response Team

Posted 04 January 2014 - 11:10 AM

Looking at your last log, many of the Operating files were backed up. Possibly they are in the new folder.

In any event, I suggest you restore your computer to a previous date prior to your problems.

http://blogs.msdn.com/b/zxue/archive/2012/03/09/windows-8-how-to-29-restore-system-to-a-previous-state-using-restore-point.aspx

When done run the Farbar Recovery Scan Tool and post a fresh log for my review.



