found Backdoor.0Access with MBAR


  • This topic is locked
34 replies to this topic

#1 Without_A_Monitor

Posted 30 December 2013 - 04:28 PM

I'm sorry if I posted this in the wrong section.

I was running some of my anti-virus and anti-spyware programs because I hadn't done so in a few weeks. I decided to install and run MBAR. It found two items for Backdoor.0Access... I deleted the entries without doing research beforehand on the type of infection that they were. After reading several threads on here, it seems as if I should have consulted here before I deleted the entries? Can someone please assist me with this and confirm if my laptop is still in danger or not?

From what I can tell (whatever that is worth), I am not experiencing any blatant computer issues. MBAM and MSE found nothing in their full-scan searches. Additionally, I have not noticed any issues besides simply finding the two Backdoor.0Access entries in MBAR.


Edited by Without_A_Monitor, 30 December 2013 - 04:31 PM.


#2 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team)

Posted 31 December 2013 - 04:06 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also please open the MBAR folder and attach the logs - system-log.txt and mbar-log-2013-xx-xx(xx-xx-xx).txt to your next reply.

Regards,

Georgi


#3 Without_A_Monitor (Topic Starter)

Posted 31 December 2013 - 02:13 PM

Hey, Georgi. Many thanks for the quick response and help. I'll run Farbar and post the logs. Here are the logs from MBAR.

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.30.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
El Diego :: EL_DIEGO [administrator]

12/30/2013 3:47:18 PM
mbar-log-2013-12-30 (15-47-18).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 238650
Time elapsed: 19 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\El Diego\Local Settings\Application Data\65c23f4a\U (Backdoor.0Access) -> Delete on reboot.

Files Detected: 1
C:\Users\El Diego\AppData\Local\65c23f4a\@ (Backdoor.0Access) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.07.0.1008
www.malwarebytes.org

Database version: v2013.12.30.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
El Diego :: EL_DIEGO [administrator]

12/30/2013 4:49:41 PM
mbar-log-2013-12-30 (16-49-41).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 238736
Time elapsed: 19 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

#4 Without_A_Monitor (Topic Starter)

Posted 31 December 2013 - 02:23 PM

I have both of the Farbar logs below this statement, Georgi. By the way, I should probably note that I was infected with ScorpionSaver/AdPeak/LevelQualityWatcher about one month ago. I came here and made a thread in the "Am I Infected? What do I do?" I received great help on the problem and seemingly had resolved it. Do you think that this Backdoor.0Access is related to the infection from one month ago?

Here is the Farbar log for "FRST"

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by El Diego (administrator) on EL_DIEGO on 31-12-2013 14:16:16
Running from C:\Users\El Diego\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\collsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RAVCpl64.exe [6453760 2008-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] - C:\Windows\SkyTel.exe [1826816 2008-10-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [152576 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [Weather] - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1347584 2009-01-30] (AWS Convergence Technologies, Inc.)
HKCU\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
URLSearchHook: HKLM-x32 - AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} -  No File
URLSearchHook: HKLM-x32 - AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
URLSearchHook: HKCU - AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} -  No File
URLSearchHook: HKCU - AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYR_en
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYR_en
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default
FF DefaultSearchEngine: Firefox Add-ons
FF SelectedSearchEngine: Firefox Add-ons
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Windows\system32\TVUAx\npTVUAx.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.17 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.17 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\searchplugins\firefox-add-ons.xml
FF Extension: TVU Web Player - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\Extensions\firefox@tvunetworks.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Ghostery - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\Extensions\firefox@ghostery.com.xpi
FF Extension: Adblock Plus - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: QuickWiki - C:\Users\El Diego\AppData\Roaming\Mozilla\Firefox\Profiles\z7ozoluc.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\El Diego\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\El Diego\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (TVU Web Player for FireFox) - C:\Windows\system32\TVUAx\npTVUAx.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\El Diego\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-06-06] ()
R2 RtkAudioService; C:\Windows\RtkAudioService.exe [134656 2008-10-17] (Realtek Semiconductor)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2008-09-29] (Intel Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 SOHCImp; C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-10-21] (Sony Corporation)
S3 SOHDms; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [353568 2008-10-21] (Sony Corporation)
S3 SOHDs; C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [62752 2008-10-21] (Sony Corporation)
S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-09-08] (Sony Corporation)
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [446464 2008-09-03] (Sony Corporation)
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-09-08] (Sony Corporation)
S4 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-09-08] (Sony Corporation)
S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)
S1 Beep; No ImagePath
S1 DMICall; C:\Windows\SysWow64\DRIVERS\DMICall.sys [10216 2008-08-22] (Sony Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 MxlW2k; C:\Windows\SysWow64\Drivers\MxlW2k.sys [27924 2013-12-30] (MusicMatch, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R2 risdptsk; C:\Windows\System32\DRIVERS\risdsn64.sys [76288 2008-10-22] (REDC)
S1 SASDIFSV; C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-03-01] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-03-01] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [67656 2011-05-31] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tizeqdrv; C:\Users\El Diego\AppData\Roaming\TZAC2\tizeq64.sys [171704 2012-07-17] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 igfx; system32\DRIVERS\igdkmd64.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-31 14:16 - 2013-12-31 14:16 - 00019432 _____ C:\Users\El Diego\Desktop\FRST.txt
2013-12-31 14:15 - 2013-12-31 14:15 - 00000000 ____D C:\FRST
2013-12-31 14:14 - 2013-12-31 14:14 - 01931302 _____ (Farbar) C:\Users\El Diego\Desktop\FRST64.exe
2013-12-31 02:57 - 2013-12-31 02:57 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\El Diego\Desktop\iexplore.com.exe
2013-12-31 01:40 - 2013-12-31 01:57 - 04745216 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETw5v64.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 01523712 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTDPV6.SYS.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 01513320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 01474840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 01417664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 01221176 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00738264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00724480 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTCNXT6.SYS.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00712704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00408024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00391680 _____ (Marvell) C:\Windows\system32\Drivers\yk60x64.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00345984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00286720 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTAZL6.SYS.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00284728 _____ (ULi Electronics Inc.) C:\Windows\system32\Drivers\uliahci.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00269288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2013-12-31 01:40 - 2013-12-31 01:57 - 00203368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2013-12-24 16:48 - 2013-10-10 21:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2013-12-24 16:48 - 2013-10-10 19:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-24 16:48 - 2013-10-10 19:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-20 05:44 - 2013-12-20 05:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 20:38 - 2013-12-18 20:38 - 00000097 _____ C:\Users\El Diego\Documents\amazon christmas order numbers.txt
2013-12-10 19:56 - 2013-12-10 19:56 - 00347816 _____ (Microsoft Corporation) C:\Users\El Diego\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.1503101505642860.1.1.Run.exe

==================== One Month Modified Files and Folders =======

2013-12-31 14:16 - 2013-12-31 14:16 - 00019432 _____ C:\Users\El Diego\Desktop\FRST.txt
2013-12-31 14:15 - 2013-12-31 14:15 - 00000000 ____D C:\FRST
2013-12-31 14:14 - 2013-12-31 14:14 - 01931302 _____ (Farbar) C:\Users\El Diego\Desktop\FRST64.exe
2013-12-31 14:11 - 2010-02-24 00:25 - 01672948 ____H C:\Windows\WindowsUpdate.log
2013-12-31 14:08 - 2010-03-01 21:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-31 14:08 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-31 14:08 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-31 14:08 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-31 04:54 - 2008-10-30 21:17 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-12-31 04:54 - 2006-11-02 10:42 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-31 04:45 - 2008-01-20 22:26 - 00376812 ____H C:\Windows\PFRO.log
2013-12-31 04:34 - 2010-03-01 21:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-31 02:57 - 2013-12-31 02:57 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\El Diego\Desktop\iexplore.com.exe
2013-12-31 02:52 - 2010-02-24 00:14 - 00000000 ____D C:\Users\El Diego\AppData\Roaming\Skype
2013-12-31 02:31 - 2013-10-07 14:46 - 00083624 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2013-12-31 02:21 - 2013-12-30 15:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-31 01:59 - 2013-12-30 22:27 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-31 01:59 - 2013-12-30 15:18 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-31 01:58 - 2013-11-24 22:39 - 00000000 ____D C:\Users\El Diego\Downloads\bastion
2013-12-31 01:57 - 2013-12-31 01:40 - 04745216 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETw5v64.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 01523712 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTDPV6.SYS.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 01513320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 01474840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 01417664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 01221176 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00738264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00724480 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTCNXT6.SYS.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00712704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00594432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00408024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00391680 _____ (Marvell) C:\Windows\system32\Drivers\yk60x64.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00345984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00286720 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTAZL6.SYS.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00284728 _____ (ULi Electronics Inc.) C:\Windows\system32\Drivers\uliahci.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00269288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00203368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00185248 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtHDMIVX.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00178664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00174696 _____ (Promise Technology, Inc.) C:\Windows\system32\Drivers\ulsata2.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00173112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00164328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Storport.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00154168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WimFltr.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00149048 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00148072 _____ (Promise Technology, Inc.) C:\Windows\system32\Drivers\ulsata.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00134944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NisDrvWFP.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00128056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00126520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00124008 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00090216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00085504 _____ (REDC) C:\Windows\system32\Drivers\rimssn64.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00078392 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00076288 _____ (REDC) C:\Windows\system32\Drivers\risdsn64.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00072576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00072448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00068224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00068152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00067128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00067048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00062440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00055024 _____ (Sonic Solutions) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00054328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00051816 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00051712 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00051256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00049256 _____ (LSI Logic) C:\Windows\system32\Drivers\symc8xx.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00048232 _____ (LSI Logic) C:\Windows\system32\Drivers\sym_u3.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WpdUsb.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00045624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sisraid2.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00044648 _____ (LSI Logic) C:\Windows\system32\Drivers\sym_hi.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00032640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00024120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00019512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00019432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TUNMP.SYS.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00018024 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00014112 _____ (InterVideo) C:\Windows\system32\Drivers\regi.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00013416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00013032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00011392 _____ (Sony Corporation) C:\Windows\system32\Drivers\SFEP.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00009728 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\XAudio64.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2013-12-31 01:57 - 2013-12-31 01:40 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00516480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00438328 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00406040 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00310760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00290872 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00215528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00166888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00128056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00113720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00113720 _____ (LSI Logic) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00113720 _____ (LSI Logic) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00105016 _____ (LSI Logic) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00070200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00068152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00059880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00047672 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpCISSs.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00044648 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00042040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00039992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00039016 _____ (LSI Logic Corporation) C:\Windows\system32\Drivers\Mraid35x.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00037480 _____ (Integrated Technology Express, Inc.) C:\Windows\system32\Drivers\iteraid.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00037480 _____ (Integrated Technology Express, Inc.) C:\Windows\system32\Drivers\iteatapi.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00035896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i2omp.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00035896 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00034872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00034152 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00031288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00023608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00020864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00020536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i2omgmt.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00019512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00017976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00017024 _____ (Conexant) C:\Windows\system32\Drivers\mdmxsdk.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00011008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00007040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2013-12-31 01:56 - 2013-12-31 01:40 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 04598784 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 01511936 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\CAX_DPV.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00731648 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\CAX_CNXT.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00694272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00397368 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00300032 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\CAXHWAZL.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00275432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00193072 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00185912 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00164840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00155112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00146176 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G6032E.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00133672 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwavdt.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00124472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00095784 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwaudio.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00091192 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00090680 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00088168 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\djsvs.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00086528 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00070200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00067032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00064568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00039400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00036392 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwl2cap.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00030776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00029656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00027704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00023608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00022584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00021160 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwrchid.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00019968 _____ (ArcSoft, Inc.) C:\Windows\system32\Drivers\ArcSoftKsUFilter.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00018024 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00015976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00015976 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00015616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bdasup.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2013-12-31 01:56 - 2013-12-31 01:39 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2013-12-31 01:55 - 2013-12-31 01:39 - 00486456 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2013-12-31 01:55 - 2013-12-31 01:39 - 00342584 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2013-12-31 01:55 - 2013-12-31 01:39 - 00325608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2013-12-31 01:55 - 2013-12-31 01:39 - 00126520 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu160m.sys.bak
2013-12-31 01:55 - 2013-12-31 01:39 - 00065280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2013-12-31 01:41 - 2012-12-17 04:33 - 00000000 ____D C:\Program Files (x86)\Steam
2013-12-31 01:41 - 2011-08-05 18:52 - 00000000 ____D C:\Users\El Diego\AppData\Roaming\Xfire
2013-12-31 01:12 - 2010-02-23 23:56 - 00202008 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-31 01:12 - 2010-02-23 23:56 - 00202008 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-30 23:56 - 2006-11-02 07:46 - 00690960 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 22:22 - 2010-02-23 23:53 - 00027924 _____ (MusicMatch, Inc.) C:\Windows\SysWOW64\Drivers\MxlW2k.sys
2013-12-30 19:04 - 2013-12-30 19:04 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\El Diego\Desktop\rkill.exe
2013-12-30 17:15 - 2013-11-14 04:32 - 00000000 ____D C:\AdwCleaner
2013-12-30 16:08 - 2011-11-06 17:29 - 00000000 __SHD C:\Users\El Diego\AppData\Local\65c23f4a
2013-12-30 15:18 - 2011-07-05 17:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-30 15:17 - 2013-12-30 15:17 - 12582688 _____ (Malwarebytes Corp.) C:\Users\El Diego\Downloads\mbar-1.07.0.1008.exe
2013-12-29 02:42 - 2010-09-11 00:36 - 00000000 ___HD C:\Users\El Diego\AppData\Roaming\TS3Client
2013-12-26 19:19 - 2013-10-07 13:55 - 00000000 ____D C:\Users\El Diego\Documents\grad school
2013-12-24 17:03 - 2006-11-02 10:21 - 00343176 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-24 16:56 - 2010-02-24 00:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-24 16:53 - 2013-11-25 00:08 - 00000000 ____D C:\Windows\system32\MRT
2013-12-24 16:50 - 2006-11-02 07:35 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-12-24 00:18 - 2010-02-24 00:13 - 00000000 ___HD C:\Users\El Diego\AppData\Local\WeatherBug
2013-12-20 18:29 - 2012-04-25 05:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 05:44 - 2013-12-20 05:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 20:38 - 2013-12-18 20:38 - 00000097 _____ C:\Users\El Diego\Documents\amazon christmas order numbers.txt
2013-12-18 19:50 - 2013-11-25 17:26 - 00000000 ____D C:\Users\El Diego\Downloads\crap
2013-12-18 19:50 - 2010-06-27 21:40 - 00127488 _____ C:\Users\El Diego\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-17 22:46 - 2011-08-05 18:52 - 00000000 ____D C:\ProgramData\Xfire
2013-12-14 21:22 - 2013-10-30 15:36 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-12-12 05:30 - 2011-09-22 18:02 - 00000000 ____D C:\Users\El Diego\AppData\Roaming\BitTorrent
2013-12-10 20:10 - 2010-11-17 23:07 - 00000000 ____D C:\Users\El Diego\AppData\Roaming\FrostWire
2013-12-10 19:56 - 2013-12-10 19:56 - 00347816 _____ (Microsoft Corporation) C:\Users\El Diego\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.1503101505642860.1.1.Run.exe
2013-12-08 19:29 - 2008-10-30 23:37 - 00000000 ___HD C:\ProgramData\Adobe
2013-12-05 02:57 - 2010-02-28 22:05 - 00000000 ____D C:\Users\El Diego\AppData\Roaming\vlc
2013-12-03 07:29 - 2010-03-01 21:06 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-03 07:29 - 2010-03-01 21:06 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Files to move or delete:
====================
C:\Users\El Diego\AppData\Roaming\desktop.ini


Some content of TEMP:
====================
C:\Users\El Diego\AppData\Local\temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-31 14:14

==================== End Of Log ============================

Here is the Farbar log for "Addition"

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by El Diego at 2013-12-31 14:17:50
Running from C:\Users\El Diego\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 1.1.377 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (x32 Version: 10.1.4 - Adobe Systems Incorporated)
AIM 7 (x32 Version:  - )
AIM Toolbar 5.0 (x32 Version: 5.7.3.2 - AOL LLC)
Alps Pointing-device for VAIO (Version:  - )
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.)
Apple Application Support (x32 Version: 2.1.5 - Apple Inc.)
Apple Mobile Device Support (Version: 4.0.0.96 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (x32 Version: 2.0.1.39 - ArcSoft)
ArcSoft WebCam Companion 2 (x32 Version:  - ArcSoft)
ATI Catalyst Install Manager (Version: 3.0.829.0 - ATI Technologies, Inc.)
BitTorrent (x32 Version: 7.8.0.29626 - BitTorrent Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (x32 Version:  - Canon Inc.)
Canon IJ Network Tool (x32 Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (x32 Version:  - Canon Inc.)
Canon MG3500 series MP Drivers (Version: 1.00 - Canon Inc.)
Canon MG3500 series User Registration (x32 Version:  - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Graphics Full New (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Graphics Light (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center InstallProxy (x32 Version: 2008.0717.2343.40629 - ATI Technologies, Inc.)
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Czech (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Danish (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Dutch (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Finnish (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization French (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization German (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Greek (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Hungarian (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Italian (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Japanese (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Korean (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Norwegian (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Polish (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Portuguese (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Russian (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Spanish (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Swedish (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Thai (x32 Version: 2008.0717.2343.40629 - ATI)
Catalyst Control Center Localization Turkish (x32 Version: 2008.0717.2343.40629 - ATI)
CCC Help Chinese Standard (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Chinese Traditional (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Czech (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Danish (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Dutch (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help English (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Finnish (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help French (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help German (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Greek (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Hungarian (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Italian (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Japanese (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Korean (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Norwegian (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Polish (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Portuguese (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Russian (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Spanish (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Swedish (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Thai (x32 Version: 2008.0717.2342.40629 - ATI)
CCC Help Turkish (x32 Version: 2008.0717.2342.40629 - ATI)
ccc-core-static (x32 Version: 2008.0717.2343.40629 - ATI)
ccc-utility64 (Version: 2008.0717.2343.40629 - ATI)
CCleaner (Version: 4.07 - Piriform)
Click to Disc (x32 Version: 1.2.52.09250 - Sony Corporation)
Click to Disc Editor (x32 Version: 1.2.51 - Sony Corporation)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Dolby Control Center (Version: 1.2.0702 - Dolby)
ESET Online Scanner v3 (x32 Version:  - )
ffdshow [rev 3154] [2009-12-09] (x32 Version: 1.0 - )
FrostWire 4.21.1 (x32 Version: 4.21.1.0 - FrostWire Team)
Game Booster 3 (x32 Version: 3.5 - IObit)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.)
HDAUDIO SoftV92 Data Fax Modem with SmartCP (Version:  - )
Intel PROSet Wireless (Version:  - )
Intel® PROSet/Wireless WiFi Software (Version: 12.01.1000 - Intel® Corporation)
iTunes (Version: 10.5.0.142 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.)
LimeWire 4.18.8 (x32 Version: 4.18.8 - Lime Wire, LLC)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation)
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
Mumble 1.2.3 (x32 Version: 1.2.3 - Thorvald Natvig)
Music Transfer (x32 Version: 1.2.00.17290 - Sony Corporation)
MUSICMATCH Jukebox (x32 Version:  - )
Name Maker Studio G2 v6.1 (x32 Version:  - )
OpenMG Secure Module 5.1.00 (x32 Version: 5.1.00.05200 - Sony Corporation)
Pidgin (x32 Version: 2.10.7 - )
Primo (x32 Version: 1.00.0000 - Your Company Name)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
QuickBooks Simple Start 2009 (x32 Version: 19.0.4001.703 - Intuit Inc.)
QuickTime (x32 Version: 7.70.80.34 - Apple Inc.)
Rcon Unlimited 1.0 (x32 Version:  - )
Realtek High Definition Audio Driver (x32 Version: 2.62 - Realtek Semiconductor Corp.)
Regi (Version: 1.00.0000 - InterVideo Inc.)
Return to Castle Wolfenstein - Platinum Edition (x32 Version:  - )
Return to Castle Wolfenstein (x32 Version: 1.0 - Activision, Inc.)
Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)
Roxio Central Audio (x32 Version: 3.7.0 - Roxio)
Roxio Central Copy (x32 Version: 3.7.0 - Roxio)
Roxio Central Core (x32 Version: 3.7.0 - Roxio)
Roxio Central Data (x32 Version: 3.7.0 - Roxio)
Roxio Central Tools (x32 Version: 3.7.0 - Roxio)
Roxio Easy Media Creator 10 LJ (x32 Version: 10.1 - Roxio)
Roxio Easy Media Creator Home (x32 Version: 10.1.296 - Roxio)
Setting Utility Series (x32 Version: 4.2.0.10150 - Sony Corporation)
Skins (x32 Version: 2008.0717.2343.40629 - ATI)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Sony Picture Utility (x32 Version: 3.3.01.09300 - Sony Corporation)
Sony Video Shared Library (x32 Version: 3.5.00 - Sony Corporation)
Speccy (Version: 1.24 - Piriform)
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
Starcraft (x32 Version:  - )
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware Free Edition (x32 Version: 4.26.0.1002 - SUPERAntiSpyware.com)
SupportSoft Assisted Service (x32 Version: 15 - SupportSoft)
TeamSpeak 3 Client (x32 Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TZAC ANTICHEAT 2 (x32 Version: 2 - Tomislav Zubcic)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
VAIO Care (x32 Version: 2.01.1031 - Sony)
VAIO Control Center (x32 Version: 3.2.0.09120 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.0.04.01170 - Sony Corporation)
VAIO DVD Menu Data Basic (x32 Version: 1.0.00.08130 - Sony Corporation)
VAIO Entertainment Platform (x32 Version: 3.2.3.10070 - Sony Corporation)
VAIO Event Service (x32 Version: 4.2.0.11060 - Sony Corporation)
VAIO Help and Support (x32 Version: 7.00.1023.FW - Sony Corporation)
VAIO Launcher (x32 Version: 2.2.0.09090 - Sony Corporation)
VAIO Media plus (x32 Version: 1.2.0.10230 - Sony Corporation)
VAIO Media plus Opening Movie (x32 Version: 1.2.0.09050 - Sony Corporation)
VAIO Movie Story (x32 Version: 1.3.01.08060 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 1.3.00.06120 - Sony Corporation)
VAIO MusicBox (x32 Version: 2.1.1.09160 - Sony Corporation)
VAIO MusicBox Sample Music (x32 Version: 1.1.00.14140 - Sony Corporation)
VAIO My Memory Center (x32 Version: 2.00.1029 - Sony)
VAIO OOBE and Welcome Center (x32 Version: 7.00.1022.US - Sony Corporation)
VAIO Original Function Setting (x32 Version: 1.5.00.08150 - Sony Corporation)
VAIO Power Management (x32 Version: 3.2.0.10200 - Sony Corporation)
VAIO Presentation Support (x32 Version: 1.1.0.08250 - Sony Corporation)
VAIO Startup Assistant (x32 Version: 4.00.1114 - Sony)
VAIO Survey (x32 Version: 6.00.0722 - Sony Corporation)
VAIO Update 4 (x32 Version: 4.0.0.08280 - Sony Corporation)
VAIO Wallpaper Contents (x32 Version: 1.3.0.10310 - Sony Corporation)
VAIO Wireless Wizard (x32 Version: 2.00.1013 - Sony)
Veetle TV 0.9.17 (x32 Version: 0.9.17 - Veetle, Inc)
Ventrilo Client (x32 Version: 3.0.5 - Flagship Industries, Inc.)
VLC media player 1.0.5 (x32 Version: 1.0.5 - VideoLAN Team)
WeatherBug (x32 Version: 6.8.2.1 - AWS Convergence Technologies)
WIDCOMM Bluetooth Software 6.2.0.5800 (Version: 6.2.0.5800 - Broadcom Corporation)
WinDVD BD for VAIO (x32 Version: 8.0-B9.617 - InterVideo Inc.)
Wolfenstein - Enemy Territory (x32 Version:  - )
Xfire (remove only) (x32 Version:  - )

==================== Restore Points  =========================

10-12-2013 20:52:17 Scheduled Checkpoint
12-12-2013 04:40:34 Scheduled Checkpoint
13-12-2013 02:00:14 Scheduled Checkpoint
14-12-2013 01:14:01 Windows Update
14-12-2013 22:36:45 Scheduled Checkpoint
16-12-2013 20:29:16 Scheduled Checkpoint
17-12-2013 20:59:19 Windows Update
18-12-2013 20:48:29 Scheduled Checkpoint
19-12-2013 19:42:21 Scheduled Checkpoint
21-12-2013 02:06:40 Windows Update
22-12-2013 01:48:37 Scheduled Checkpoint
22-12-2013 20:27:06 Scheduled Checkpoint
24-12-2013 02:22:21 Scheduled Checkpoint
24-12-2013 05:31:21 Windows Update
24-12-2013 21:49:52 Windows Update
26-12-2013 07:26:33 Scheduled Checkpoint
27-12-2013 22:02:40 Windows Update
29-12-2013 09:19:25 Scheduled Checkpoint
29-12-2013 21:20:51 Scheduled Checkpoint
30-12-2013 13:16:29 Scheduled Checkpoint
30-12-2013 21:07:30 Malwarebytes Anti-Rootkit Restore Point
31-12-2013 05:38:32 Windows Update

==================== Hosts content: ==========================

2006-11-02 07:34 - 2013-11-27 16:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {29F7F4C7-E0B0-4395-923D-2E6D061B0214} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2008-08-28] (Sony Corporation)
Task: {2DE11D7B-ECFB-4BC7-A2F6-C43016701541} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01] (Google Inc.)
Task: {38671F7E-ABD9-4953-A3E4-C892BA7F81CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-01] (Google Inc.)
Task: {6B7FCE34-46D4-44A1-93EB-C75E5F7CD871} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {6D866519-0BEF-48A7-B443-73633648ACE7} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2008-10-16] (Sony Electronics, Inc.)
Task: {78A2C7B1-164E-4B75-9A51-71E7B9F84A0C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {99D864D2-A46B-465D-B3F2-FBC665393417} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster\Autoupdate.exe [2013-06-08] ()
Task: {A6CB62A5-9086-47DF-AA73-2001377AA2E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CEC06C5E-353A-466A-AF82-C562129930A2} - System32\Tasks\{64F55017-EDFF-49DC-8F8D-5ED2666E1860} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {F03ECFAE-6B94-4547-ADA4-4AE364D6DA52} - System32\Tasks\SONY\VAIO Wallpaper Setting Tool\VAIO Wallpaper Setting Tool => C:\Program Files (x86)\Sony\VAIO Wallpaper Setting Tool\VWSet.exe [2008-06-27] (Sony Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-10-30 21:55 - 2008-09-25 19:02 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2010-02-24 00:48 - 2010-02-24 00:48 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-08-26 14:41 - 2008-08-26 14:41 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-24 01:01 - 2008-11-05 21:32 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll
2010-02-24 01:01 - 2008-11-05 21:32 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: HDAUDIO SoftV92 Data Fax Modem with SmartCP
Description: HDAUDIO SoftV92 Data Fax Modem with SmartCP
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: CXT
Service: Modem
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2013 02:08:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2013 04:46:03 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2013 04:37:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/31/2013 04:37:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/31/2013 04:37:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/31/2013 04:37:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/31/2013 04:37:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2013 04:29:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2013 02:54:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/31/2013 02:46:54 AM) (Source: Application Error) (User: )
Description: Faulting application Skype.exe, version 5.10.0.116, time stamp 0x50001496, faulting module Skype.exe, version 5.10.0.116, time stamp 0x50001496, exception code 0xc0000005, fault offset 0x001db3ab,
process id 0x898, application start time 0xSkype.exe0.


System errors:
=============
Error: (12/31/2013 02:10:57 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (12/31/2013 02:10:57 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (12/31/2013 02:08:53 PM) (Source: Service Control Manager) (User: )
Description: Beep
DMICall
SASDIFSV
SASKUTIL

Error: (12/31/2013 02:08:45 PM) (Source: Service Control Manager) (User: )
Description: MxlW2k%%1275

Error: (12/31/2013 02:08:02 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/31/2013 02:07:46 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/31/2013 02:07:45 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/31/2013 02:07:45 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/31/2013 02:07:39 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/31/2013 04:48:16 AM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-12-31 14:17:22.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys.bak because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-31 14:17:21.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys.bak because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-31 14:17:21.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys.bak because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-31 14:17:21.731
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys.bak because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-31 14:17:21.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys.bak because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-31 14:17:21.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys.bak because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-31 14:17:21.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys.bak because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-31 14:17:21.244
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys.bak because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-31 14:17:21.004
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-31 14:17:20.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 4062.12 MB
Available physical RAM: 2599.41 MB
Total Pagefile: 8299.5 MB
Available Pagefile: 6552.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.24 GB) (Free:130.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 43B0960B)
Partition 1: (Not Active) - (Size=11 GB) - (Type=27)
Partition 2: (Active) - (Size=222 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Without_A_Monitor, 31 December 2013 - 04:33 PM.


#5 Without_A_Monitor

  • Topic Starter

Posted 01 January 2014 - 06:53 PM

Hey, Georgi. Happy New Year. I forgot to attach the MBAR system log. So, here it is.

 

By the way, I noticed that my volume mixer is acting weird because I have opened it up several times to find different results. Besides the "Speaker/HP," "Windows Sounds," "Mozilla Firefox" and "Adobe Flash Player 11.8 r800" entries, there was a "no name available" entry. After that, there was a "Vaio Event Service" entry instead of the "No Name Available." Subsequently, both the "No Name Available" and "Vaio Event Service" entries were gone.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 4259438592, free: 2244227072

Downloaded database version: v2013.12.30.07
Downloaded database version: v2013.12.18.01
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 4259438592, free: 2400641024

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 4259438592, free: 2611363840

=======================================
Initializing...
------------ Kernel report ------------
     12/30/2013 15:47:10
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NETw5v64.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\risdsn64.sys
\SystemRoot\system32\DRIVERS\rimssn64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SFEP.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIVX.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\drivers\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\DRIVERS\xaudio64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80083f42f0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xfffffa80083de050
Lower Device Driver Name: \Driver\rimsptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80079d0790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xfffffa80079c80a0
Lower Device Driver Name: \Driver\risdptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006f5a790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005990050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006f5a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006e551d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006f5a790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80051bde40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005990050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43B0960B

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 22315008

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22317056  Numsec = 466078064
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80079d0790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80079d02c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80079d0790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80079c80a0, DeviceName: \Device\00000063\, DriverName: \Driver\risdptsk\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa80083f42f0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80079cab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80083f42f0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80083de050, DeviceName: \Device\00000064\, DriverName: \Driver\rimsptsk\
------------ End ----------
Infected: C:\Users\El Diego\AppData\Local\65c23f4a\@ --> [Backdoor.0Access]
Infected: C:\Users\El Diego\Local Settings\Application Data\65c23f4a\U --> [Backdoor.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_22317056_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 4259438592, free: 3101003776

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 4259438592, free: 2422964224

Initializing...
======================
------------ Kernel report ------------
     12/30/2013 16:49:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NETw5v64.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\risdsn64.sys
\SystemRoot\system32\DRIVERS\rimssn64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SFEP.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIVX.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\drivers\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\DRIVERS\xaudio64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800843f790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xfffffa8008429050
Lower Device Driver Name: \Driver\rimsptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007a1f790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xfffffa8007a199e0
Lower Device Driver Name: \Driver\risdptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006eb1790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005200050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006eb1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006eb11a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006eb1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80051fb700, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005200050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43B0960B

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 22315008

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22317056  Numsec = 466078064
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8007a1f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007a1f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007a1f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8007a199e0, DeviceName: \Device\00000063\, DriverName: \Driver\risdptsk\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800843f790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800843f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800843f790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008429050, DeviceName: \Device\00000064\, DriverName: \Driver\rimsptsk\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_22317056_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 4259438592, free: 2869276672

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 4259438592, free: 2816274432

Initializing...
======================
------------ Kernel report ------------
     12/30/2013 18:45:22
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NETw5v64.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\risdsn64.sys
\SystemRoot\system32\DRIVERS\rimssn64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SFEP.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIVX.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\drivers\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio64.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8008379790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xfffffa8008414050
Lower Device Driver Name: \Driver\rimsptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008367790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xfffffa800836f9e0
Lower Device Driver Name: \Driver\risdptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006fa5110
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80059a9050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006fa5110, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005ecea70, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006fa5110, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80051d6a90, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80059a9050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43B0960B

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 22315008

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22317056  Numsec = 466078064
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8008367790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80083672c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008367790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800836f9e0, DeviceName: \Device\00000063\, DriverName: \Driver\risdptsk\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8008379790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80083792c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008379790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008414050, DeviceName: \Device\00000064\, DriverName: \Driver\rimsptsk\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_22317056_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 4259438592, free: 2246262784

=======================================
Initializing...
------------ Kernel report ------------
     12/30/2013 19:22:16
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NETw5v64.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\risdsn64.sys
\SystemRoot\system32\DRIVERS\rimssn64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SFEP.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIVX.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\drivers\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio64.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8008379790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xfffffa8008414050
Lower Device Driver Name: \Driver\rimsptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008367790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xfffffa800836f9e0
Lower Device Driver Name: \Driver\risdptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006fa5110
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80059a9050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006fa5110, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005ecea70, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006fa5110, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80051d6a90, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80059a9050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43B0960B

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 22315008

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22317056  Numsec = 466078064
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8008367790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80083672c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008367790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa800836f9e0, DeviceName: \Device\00000063\, DriverName: \Driver\risdptsk\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8008379790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80083792c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008379790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008414050, DeviceName: \Device\00000064\, DriverName: \Driver\rimsptsk\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_22317056_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 4259438592, free: 2697404416

Initializing...
======================
------------ Kernel report ------------
     12/30/2013 22:27:34
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NETw5v64.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\risdsn64.sys
\SystemRoot\system32\DRIVERS\rimssn64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SFEP.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIVX.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\drivers\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\DRIVERS\xaudio64.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa80084662f0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xfffffa8008450050
Lower Device Driver Name: \Driver\rimsptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80083b1790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000063\
Lower Device Object: 0xfffffa80083a99e0
Lower Device Driver Name: \Driver\risdptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006ec8790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800599c050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006ec8790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006ec8210, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006ec8790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80051b9590, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800599c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43B0960B

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 22315008

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22317056  Numsec = 466078064
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80083b1790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80083b12c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80083b1790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80083a99e0, DeviceName: \Device\00000063\, DriverName: \Driver\risdptsk\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa80084662f0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80083b3b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80084662f0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008450050, DeviceName: \Device\00000064\, DriverName: \Driver\rimsptsk\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_22317056_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.994000 GHz
Memory total: 4259438592, free: 2745884672

Initializing...
======================
------------ Kernel report ------------
     12/31/2013 01:59:52
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\yk60x64.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\risdsn64.sys
\SystemRoot\system32\DRIVERS\rimssn64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SFEP.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtHDMIVX.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\drivers\btwavdt.sys
\SystemRoot\system32\drivers\btwaudio.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\system32\DRIVERS\btwrchid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\xaudio64.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\WUDFPf.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8007927700
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000065\
Lower Device Object: 0xfffffa8007943050
Lower Device Driver Name: \Driver\rimsptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80077a2790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000064\
Lower Device Object: 0xfffffa80077b0910
Lower Device Driver Name: \Driver\risdptsk\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006e9f790
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa800598f050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006e9f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006e9f2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006e9f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80051ca7e0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa800598f050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 43B0960B

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 22315008

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 22317056  Numsec = 466078064
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa80077a2790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80077b1040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80077a2790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80077b0910, DeviceName: \Device\00000064\, DriverName: \Driver\risdptsk\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8007927700, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007959b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007927700, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8007943050, DeviceName: \Device\00000065\, DriverName: \Driver\rimsptsk\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_22317056_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
 


Edited by Without_A_Monitor, 02 January 2014 - 01:00 AM.


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:33 PM

Posted 02 January 2014 - 05:54 AM

Hello,
Happy New Year to you as well! :)
Lol, you posted the system-scan log a lot of times in a single post. :)
I have both of the Farbar logs below this statement, Georgi. By the way, I should probably note that I was infected with ScorpionSaver/AdPeak/LevelQualityWatcher about one month ago. I came here and made a thread in the "Am I Infected? What do I do?" I received great help on the problem and seemingly had resolved it. Do you think that this Backdoor.0Access is related to the infection from one month ago?

 

I don't think that the above PUP applications have something to do with ZeroAccess.

 

Most commonly, ZeroAccess is spread through websites that have been compromised and then attempt to exploit various vulnerabilities to penetrate the computer and infect it.

 

Fortunately, the computer seems to be clean, but let's delete some leftovers and orphaned entries from the registry now.

 

Please download the following file => [attachment=145403:fixlist.txt] and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location, or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

 

By the way, I noticed that my volume mixer is acting weird because I have opened it up several times to find different results. Besides the "Speaker/HP," "Windows Sounds," "Mozilla Firefox" and "Adobe Flash Player 11.8 r800," there was a "No Name Available" entry. After that, there was a "Vaio Event Service" entry instead of the "No Name Available." Subsequently, both the "No Name Available" and "Vaio Event Service" were gone.

That's weird indeed. Did you try to update Adobe Flash Player to the latest version? Also, I noticed some problems with the drivers on your computer, and maybe you should take care of them by updating the drivers one by one:

 

The following Intel drivers are missing according to the FRST log:

 

S3 igfx; system32\DRIVERS\igdkmd64.sys [x]
S3 IntcHdmiAddService; system32\drivers\IntcHdmi.sys [x]

 

 

The DLL used by Windows Defender is missing as well:

 

S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]

 

Also, the Beep service has no ImagePath:

 

S1 Beep; No ImagePath

 

Let's check this out:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind

    mpsvc.dll

    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Beep
    /s

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

 

You may want to take a look in the Device Manager and enable the following devices if you need them:

 

==================== Faulty Device Manager Devices =============

Name: HDAUDIO SoftV92 Data Fax Modem with SmartCP
Description: HDAUDIO SoftV92 Data Fax Modem with SmartCP
Class Guid: {4d36e96d-e325-11ce-bfc1-08002be10318}
Manufacturer: CXT
Service: Modem
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions

 

Regarding the error below, you may want to update Skype to the latest version => Skype 6.11.73.102 Final (you should retype your password again after the update to log in, so keep this in mind).
 

Error: (12/31/2013 02:46:54 AM) (Source: Application Error) (User: )
Description: Faulting application Skype.exe, version 5.10.0.116, time stamp 0x50001496, faulting module Skype.exe, version 5.10.0.116, time stamp 0x50001496, exception code 0xc0000005, fault offset 0x001db3ab,
process id 0x898, application start time 0xSkype.exe0.

The errors below are caused by Beep again, SUPERAntiSpyware and one Sony service. You may consider uninstalling SAS if the errors continue.

 

If you decide to uninstall it, then check this FAQ for more info (there is an uninstaller tool for SAS on that page as well):

 

Frequently Asked Questions

 

Error: (12/31/2013 02:08:53 PM) (Source: Service Control Manager) (User: )
Description: Beep
DMICall
SASDIFSV
SASKUTIL

Error: (12/31/2013 02:07:45 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/31/2013 02:07:45 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

The following drivers need to be updated, since they are reported as incompatible with Windows Vista at the moment:

 

Error: (12/31/2013 02:08:02 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/31/2013 02:07:46 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

 

 

Regards,

Georgi




#7 Without_A_Monitor

Without_A_Monitor
  • Topic Starter

  • Members
  • 339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:12:33 PM

Posted 02 January 2014 - 03:31 PM

I really appreciate your help. I'm sorry about posting the system log multiple times.

 

Here is the fixlog from FRST

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-01-2014 01
Ran by El Diego at 2014-01-02 15:21:38 Run:1
Running from C:\Users\El Diego\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
URLSearchHook: HKLM-x32 - AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} -  No File
URLSearchHook: HKCU - AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
2013-12-30 16:08 - 2011-11-06 17:29 - 00000000 __SHD C:\Users\El Diego\AppData\Local\65c23f4a
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
C:\Users\El Diego\AppData\Roaming\desktop.ini
C:\Users\El Diego\AppData\Local\temp
end
*****************

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} => Value deleted successfully.
HKCR\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Value deleted successfully.
HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Key deleted successfully.
catchme => Service deleted successfully.
C:\Users\El Diego\AppData\Local\65c23f4a => Moved successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\Users\El Diego\AppData\Roaming\desktop.ini => Moved successfully.
C:\Users\El Diego\AppData\Local\temp => Moved successfully.

==== End of Fixlog ====

Here is the log from SystemLook, which evidently needs the Vista 64-bit version. I don't think that either link provided had the 64-bit version. So, I apologize if I did this incorrectly or for any mishap.

SystemLook 30.07.11 by jpshortstuff
Log created at 15:25 on 02/01/2014 by El Diego
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

No Context:     :filefind

No Context:     mpsvc.dll

No Context:     :reg

No Context:     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Beep /s

-= EOF =-

What should I do about Beep, the DLL for Windows Defender and the drivers? I think that I uninstalled Windows Defender a long time ago, but I am unsure. I will update both Adobe Flash Player and Skype as you suggested.

Thank you very much for your ongoing help.

By the way, I ran RKill a few days ago to see if it detected anything and this was the log.

Rkill 2.6.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/30/2013 07:05:05 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\RtkAudioService.exe (PID: 1392) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 12/30/2013 07:06:52 PM
Execution time: 0 hours(s), 1 minute(s), and 46 seconds(s)
 


Edited by Without_A_Monitor, 02 January 2014 - 03:44 PM.


#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:33 PM

Posted 02 January 2014 - 05:01 PM

Hello,

 

Here is the log from SystemLook, which evidently needs the Vista 64-bit version. I don't think that either link provided had the 64-bit version. So, I apologize if I did this incorrectly or for any mishap.

 

Here is the x64 version of SystemLook => SystemLook (64-bit). Please re-run the script above and post the new log.

A note: it seems that something went wrong when you put the script into the codebox.

Make sure it looks like the screenshot below before you press the Look button.

 

[screenshot of the SystemLook codebox with the script pasted in]

 

What should I do about Beep, the DLL for Windows Defender and the drivers? I think that I uninstalled Windows Defender a long time ago, but I am unsure.

 

Windows Defender is built into Windows Vista and above and can't be uninstalled (only disabled). We will see how to proceed based on the SystemLook log results.

 

By the way, I ran RKill a few days ago to see if it detected anything and this was the log.

 

The log is clean and that's very good. :)

 

 

Regards,

Georgi




#9 Without_A_Monitor

Without_A_Monitor
  • Topic Starter

  • Members
  • 339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:12:33 PM

Posted 02 January 2014 - 05:20 PM

Hey, Georgi. I hope that you're doing well. Once again, much obliged for your great help. I'm sorry for being such a novice. Thank you for providing the 64-bit SystemLook. Indeed, when I copied and pasted that text into SystemLook, the text wasn't all the way to the left and had spaces in between the lines. After making those adjustments, the scan worked and produced a log. Here it is.

SystemLook 30.07.11 by jpshortstuff
Log created at 17:16 on 02/01/2014 by El Diego
Administrator - Elevation successful

========== filefind ==========

Searching for "mpsvc.dll"
C:\Program Files\Microsoft Security Client\MpSvc.dll    --a---- 1571328 bytes    [22:14 23/10/2013]    [22:14 23/10/2013] 8077537B1600AF493E7EE1A7A5C90799
C:\Program Files\Windows Defender\MpSvc.dll    --a---- 383544 bytes    [02:47 21/01/2008]    [02:47 21/01/2008] 7D2A43E8FDF725A1133F6C6056A72CDC
C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.0.6001.18000_none_b3db4c4e108c89fb\MpSvc.dll    --a---- 383544 bytes    [02:47 21/01/2008]    [02:47 21/01/2008] 7D2A43E8FDF725A1133F6C6056A72CDC
C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.0.6002.18005_none_b5c6c55a0dae5547\MpSvc.dll    --a---- 383544 bytes    [02:47 21/01/2008]    [02:47 21/01/2008] 7D2A43E8FDF725A1133F6C6056A72CDC

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Beep]
"ErrorControl"= 0x0000000001 (1)
"Group"="Base"
"Start"= 0x0000000001 (1)
"Tag"= 0x0000000002 (2)
"Type"= 0x0000000001 (1)


-= EOF =-



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:33 PM

Posted 02 January 2014 - 07:11 PM

Hello,

 

I forgot that MpSvc.dll is stored at %ProgramFiles%\Windows Defender\mpsvc.dll instead of %ProgramFiles(x86)%\Windows Defender\mpsvc.dll, but the service should probably be corrected manually because the ServiceDll file path is wrong and points to the x86 version.

 

The Beep service looks damaged, so we should fix it.

 

Backup Your Registry

 

Now download the following files and save them to your desktop:

Beep.reg

WinDefend.reg

 

Now double-click on each of them. An information box will pop up asking if you want to merge the information in the file into the registry; click YES.

 

Reboot the computer and let me know if the volume mixer is still an issue.

 

 

Regards,

Georgi


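The three problems Georgi pulled out of the FRST and SystemLook logs (a driver whose ImagePath is flagged "[x]" because the file is gone, a service with "No ImagePath" at all, and a svchost-hosted service whose ServiceDll points at the wrong Program Files folder) are all the same class of defect: a service registration whose binary cannot be found on disk. The script below is an added example written for this thread; it is not part of the thread, FRST, SystemLook or any Malwarebytes tool. It walks HKLM\SYSTEM\CurrentControlSet\Services read-only and reports each of those cases. The path handling assumes the forms service entries normally use (quoted paths with arguments, the `\??\` and `\SystemRoot\` kernel prefixes, and bare `system32\...` paths relative to %SystemRoot% for drivers). Run it from a 64-bit, elevated PowerShell prompt so that `%ProgramFiles%` and `%ProgramFiles(x86)%` expand the same way the service controller sees them.

```powershell
# Added example for this thread (not FRST/SystemLook/MBAR code): read-only audit of
# HKLM\SYSTEM\CurrentControlSet\Services that reports what FRST prints as "[x]" or
# "No ImagePath", plus a ServiceDll (svchost-hosted service) whose file is not on disk.
# Run from a 64-bit, elevated PowerShell prompt. Nothing is changed.

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ServiceBinary {
    # Turn a raw ImagePath/ServiceDll value into an absolute file path.
    # Assumed forms: quoted path plus arguments, unquoted path plus arguments,
    # "\??\C:\...", "\SystemRoot\...", and bare "system32\..." (relative to %SystemRoot%).
    param([string]$RawPath)
    if ([string]::IsNullOrWhiteSpace($RawPath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($RawPath.Trim())
    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]                                  # quoted: drop quotes and arguments
    } elseif ($p -match '^(.+?\.(?:exe|sys|dll))(\s|$)') {
        $p = $Matches[1]                                  # unquoted: cut after the binary name
    }
    if ($p.StartsWith('\??\'))            { $p = $p.Substring(4) }
    if ($p -match '^\\SystemRoot\\(.*)$') { $p = Join-Path $env:SystemRoot $Matches[1] }
    if ($p -notmatch '^[A-Za-z]:\\')      { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ServiceBinaryProblems {
    # Emits one object per finding: no ImagePath, ImagePath file missing,
    # or Parameters\ServiceDll file missing.
    foreach ($key in Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        $name  = $key.PSChildName
        # Type 1/2 = kernel / file-system driver, 16/32 = Win32 service (own / shared process).
        # Subkeys with another or no Type are not loadable services and are skipped.
        if ((1, 2, 16, 32) -notcontains $props.Type) { continue }

        $image = Resolve-ServiceBinary $props.ImagePath
        if (-not $image) {
            [pscustomobject]@{ Service = $name; Problem = 'No ImagePath'; Path = '' }
            continue
        }
        if (-not (Test-Path -LiteralPath $image)) {
            [pscustomobject]@{ Service = $name; Problem = 'ImagePath file missing'; Path = $image }
        }

        # svchost-hosted services keep the real code in Parameters\ServiceDll; if that
        # expands to a file that does not exist (for example the wrong Program Files
        # folder) the service cannot start even though ImagePath itself is fine.
        $params = Get-ItemProperty -Path (Join-Path $key.PSPath 'Parameters') -ErrorAction SilentlyContinue
        if ($params -and $params.ServiceDll) {
            $dll = Resolve-ServiceBinary $params.ServiceDll
            if (-not (Test-Path -LiteralPath $dll)) {
                [pscustomobject]@{ Service = $name; Problem = 'ServiceDll file missing'; Path = $dll }
            }
        }
    }
}

Get-ServiceBinaryProblems | Sort-Object Service | Format-Table -AutoSize
```

On the machine in this thread the output would list Beep as "No ImagePath", igfx and IntcHdmiAddService as "ImagePath file missing", and WinDefend as "ServiceDll file missing" with the expanded `%ProgramFiles(x86)%` path, which is the same picture the FRST and SystemLook logs gave. A driver that FRST shows with a valid path but that Windows refuses to load (the SASDIFSV/DMICall "blocked from loading" popups above) will not appear here, since this audit only checks that the file exists, not that it is signed or compatible.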


#11 Without_A_Monitor

Without_A_Monitor
  • Topic Starter

  • Members
  • 339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:12:33 PM

Posted 02 January 2014 - 08:40 PM

Hey, man. I'm most grateful for all that you're doing. I did exactly as you listed. I downloaded and installed Tweaking.com Registry Backup. I additionally opened it up and clicked "backup now." Once it was finished, I closed the application. Is there a file somewhere for the backed-up registry, or does Tweaking.com Registry Backup simply hold a copy of the registry? I also downloaded both the Beep.reg and WinDefend.reg files and saved them on the desktop. I ran both of them and selected "yes" to alter the registry. The volume mixer does not seem to have any issues now. Should I keep both the Beep.reg and WinDefend.reg files on the desktop, or can I move them somewhere else? Once again, many thanks for your tremendous assistance, Georgi.


Edited by Without_A_Monitor, 02 January 2014 - 09:00 PM.


#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:33 PM

Posted 02 January 2014 - 09:18 PM

Hello,

 

I am glad I am of any help. :)

 

Is there a file somewhere for the backed-up registry, or does Tweaking.com Registry Backup simply hold a copy of the registry?

 

I am not sure where the program stores the backup, but you can restore it (if needed) from the following menu (simply select the wanted backup from the list to use it):

[screenshot of the Tweaking.com Registry Backup restore menu]

 

The volume mixer does not seem to have any issues now.

 

I want to check something else as well, because there is a trojan which causes similar issues. ZeroAccess could be a tricky one, so just in case I want you to go through these steps:
STEP 1

  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 2
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System (download link)
  • This is the mirror (download link)
  • For 64-bit Operating System (download link)
  • This is the mirror (download link)

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, then open it while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it into your next reply.

 

 

 

STEP 4

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt) - please post the log in your reply to me (you can use pastebin as well).

 

 

STEP 5

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

Regards,

Georgi



#13 Without_A_Monitor

Without_A_Monitor
  • Topic Starter

  • Members
  • 339 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh bleepinverse
  • Local time:12:33 PM

Posted 02 January 2014 - 10:35 PM

Well, I sincerely appreciate it. Thank you.

 

Can I move the Beep.reg and WinDefend.reg files from the desktop, or should they stay there?

Here is the link for the RogueKiller log: http://pastebin.com/8CFn1R00

Here is the link for the TDSSKiller log: http://pastebin.com/f53dQb51

Here is the log from HitmanPro:


HitmanPro 3.7.8.208

www.hitmanpro.com



   Computer name . . . . : EL_DIEGO

   Windows . . . . . . . : 6.0.2.6002.X64/2

   User name . . . . . . : El_Diego\El Diego

   UAC . . . . . . . . . : Disabled

   License . . . . . . . : Free



   Scan date . . . . . . : 2014-01-02 22:04:18

   Scan mode . . . . . . : Normal

   Scan duration . . . . : 5m 7s

   Disk access mode  . . : Direct disk access (SRB)

   Cloud . . . . . . . . : Internet

   Reboot  . . . . . . . : No



   Threats . . . . . . . : 0

   Traces  . . . . . . . : 138



   Objects scanned . . . : 3,124,104

   Files scanned . . . . : 31,611

   Remnants scanned  . . : 497,722 files / 2,594,771 keys



Suspicious files ____________________________________________________________



   C:\Users\El Diego\AppData\Local\PunkBuster\ET\pb\pbcl.dll

      Size . . . . . . . : 961,798 bytes

      Age  . . . . . . . : 534.1 days (2012-07-17 19:47:55)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : AC46384133D9411B88E263BE1D6D0A15EF7B2EB1CBC47ABAB1733DEB8F158026

      Fuzzy  . . . . . . : 29.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.



   C:\Users\El Diego\AppData\Local\PunkBuster\ET\pb\PnkBstrK.sys

      Size . . . . . . . : 137,176 bytes

      Age  . . . . . . . : 534.1 days (2012-07-17 19:49:40)

      Entropy  . . . . . : 7.7

      SHA-256  . . . . . : E56C38E22B5904C9BE86AB73A7521899355DA09B33CD95204C4C0E40C800F950

      RSA Key Size . . . : 1024

      Authenticode . . . : Valid

      Fuzzy  . . . . . . : 22.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.

         The file is a device driver. Device drivers run as trusted (highly privileged) code.

         Program is code signed with a valid Authenticode certificate.



   C:\Users\El Diego\AppData\Local\PunkBuster\RTCW\pb\pbcl.dll

      Size . . . . . . . : 870,427 bytes

      Age  . . . . . . . : 1408.9 days (2010-02-23 23:36:10)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : ABA748978A439C7F3CFE0DF50E56339E7588B0E0C327FB85A05826DBA6C3F7C0

      Fuzzy  . . . . . . : 29.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.



   C:\Users\El Diego\AppData\Local\PunkBuster\RTCW\pb\pbcls.dll

      Size . . . . . . . : 870,427 bytes

      Age  . . . . . . . : 912.8 days (2011-07-05 03:06:45)

      Entropy  . . . . . : 7.6

      SHA-256  . . . . . : ABA748978A439C7F3CFE0DF50E56339E7588B0E0C327FB85A05826DBA6C3F7C0

      Fuzzy  . . . . . . : 29.0

         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.

         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.

         Authors name is missing in version info. This is not common to most programs.

         Version control is missing. This file is probably created by an individual. This is not typical for most programs.

         Program contains PE structure anomalies. This is not typical for most programs.





Cookies _____________________________________________________________________




 

 

Here is the link for the FRST Search log: http://pastebin.com/0VmMHTza

Here is the log for Security Check:

 Results of screen317's Security Check version 0.99.77  
 Windows Vista Service Pack 2 x64 (UAC is disabled!)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 SUPERAntiSpyware Free Edition   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player     11.8.800.94  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (26.0)
 Google Chrome 31.0.1650.57  
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
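The HitmanPro entries above call out two heuristics on the PunkBuster files: a .reloc section that contains code, and high entropy. As an added example (not HitmanPro's code and not anything posted in this thread), the Python script below parses a PE section table and applies those two checks to a constructed minimal PE; the entropy threshold, the sample builder and its byte payloads are assumptions for illustration.

```python
"""Re-create two HitmanPro-style heuristics on a constructed PE: a .reloc
section whose flags mark it as code, and a section with high Shannon entropy."""
import math
import struct

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000

# Threshold is an assumption: the log reported 7.6-7.7 for the flagged files,
# and ordinary code/data sections usually sit well below 7 bits per byte.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for an empty/constant buffer, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return one dict per section: name, characteristics flags and raw bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size          # COFF header is 20 bytes long
    sections = []
    for i in range(num_sections):
        (name, _vsize, _vaddr, raw_size, raw_ptr,
         _, _, _, _, flags) = struct.unpack_from("<8sIIIIIIHHI", pe, table + i * 40)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "flags": flags,
            "data": pe[raw_ptr:raw_ptr + raw_size],
        })
    return sections


def triage(pe: bytes, threshold: float = ENTROPY_THRESHOLD) -> list:
    """Return human-readable findings for the two heuristics seen in the log."""
    findings = []
    for s in parse_sections(pe):
        if s["name"] == ".reloc" and s["flags"] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
            findings.append(".reloc: relocation section is marked as code/executable")
        ent = shannon_entropy(s["data"])
        if ent >= threshold:
            findings.append(f"{s['name']}: entropy {ent:.1f} suggests packed or encrypted content")
    return findings


def build_sample_pe(reloc_flags: int, reloc_payload: bytes) -> bytes:
    """Constructed minimal PE for the demo (assumption: not a real or loadable
    binary): DOS header, PE signature, COFF header with a zero-length optional
    header, then a .text section and a .reloc section."""
    coff_off = 0x40
    table = coff_off + 4 + 20
    headers_size = table + 40 * 2
    text_data = b"\x55\x89\xe5\x5d\xc3" * 8   # low-entropy stub bytes
    text_ptr = headers_size
    reloc_ptr = text_ptr + len(text_data)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", coff_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)

    def hdr(name: bytes, data: bytes, ptr: int, flags: int) -> bytes:
        return struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000,
                           len(data), ptr, 0, 0, 0, 0, flags)

    return (dos + coff
            + hdr(b".text", text_data, text_ptr,
                  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
            + hdr(b".reloc", reloc_payload, reloc_ptr, reloc_flags)
            + text_data + reloc_payload)


# Constructed payloads: a plausible-looking relocation block versus a uniform
# byte ramp that yields the maximum 8.0 bits of entropy.
BENIGN_RELOC = b"\x00\x10\x00\x00\x10\x00\x00\x00\x00\x30\x08\x30\x10\x30\x18\x30"
PACKED_RELOC = bytes(range(256))

if __name__ == "__main__":
    clean = build_sample_pe(IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE
                            | IMAGE_SCN_MEM_READ, BENIGN_RELOC)
    odd = build_sample_pe(IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ,
                          PACKED_RELOC)
    print("clean sample:", triage(clean) or ["no findings"])
    print("odd sample:  ", triage(odd))
```

The log itself shows why such hits are only indicators: the flagged PnkBstrK.sys also carries a valid Authenticode signature, which any triage should weigh before calling a file malicious.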
 



#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:33 PM

Posted 03 January 2014 - 06:27 AM

Hello,

 

 

The logs are CLEAN! Congratulations. :bananas:

Nicely done! This is the end of our journey if you don't have any more questions.
I have some final words for you.
All Clean!
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean.

 

 

 

STEP 1 - UPDATING TASKS

 

 

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.04 to your PC's desktop.
 

  • Uninstall Adobe Reader 10.1.4 via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.
  • Also please download and install the following update 11.0.05

 
Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.
mcafee-ssp.jpg

 

 

 

Your Adobe Flash Player is out of date. Older versions are vulnerable to attack and exploitation. Please go to the links below to update it:

Adobe Flash Player 11.9.900.170 Final for (Internet Explorer)

Adobe Flash Player 11.9.900.170 Final for (Firefox, Safari, Opera)

Note: Your browsers should be closed before proceeding with the installation process.

 

 

  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector, or you can use the following application for this purpose: PatchMyPC

 

 

Visit Microsoft's Windows Update Site Frequently

 

  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest security updates installed.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

 

 

STEP 2 - CLEANUP


To remove all of the tools we used and the files and folders they created, please do the following:

 

 

Download the following file => fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
There's no need to post the log this time.

 

 

Please download OTC.exe by OldTimer and save it to your desktop.
 

  • Right-click the OTC.exe and choose Run as Administrator.
  • Click on CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

 

  • Next please download Delfix.exe by Xplode and save it to your desktop.
  • Please start it and check the box next to "Remove disinfection tools" and click on the run button.
  • The tool will delete itself once it finishes.

 

Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

You can delete the *.reg files from your desktop as well. :)



STEP 3 - SECURITY ADVICE



Change all your passwords!


Since your computer was infected, for peace of mind I would however advise you that all your passwords be changed immediately!! (just in case).
Use different passwords for all your accounts. Also don't use easy passwords such as your favorite teams, bands or pets, because this will allow people to guess your password.
You can use PC Tools Password Generator to create random passwords and then install an application like KeePass Password Safe to store them for easy access. If you do Online Banking please read this article: Online Banking Protection Against Identity Theft



Keep your antivirus software turned on and up-to-date

 

  • Make sure your antivirus software is turned on and up-to-date.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note:
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • You should scan your computer with an AntiSpyware program like Malwarebytes' Anti-Malware on a regular basis, just as you would with antivirus software.
  • Be sure to check for and download any definition updates prior to performing a scan.

 

 

Install HIPS based software if needed (or use Limited Account with UAC enabled)


HIPS based software controls what an application is allowed to do and not allowed to do.
It monitors what each application tries to do and how it uses the internet, and gives you the ability to block any suspicious activity occurring on your computer.
In my opinion the best way to prevent unknown malware from gaining access is to use some HIPS programs (like COMODO, PrivateFirewall, Online Armor etc.) to control the access rights of legitimate applications, although this would only be advisable for experienced users. (so if you don't feel comfortable using such software then you can skip this advice)
However, you should be aware that (if you install Comodo Firewall and not the whole package Comodo Internet Security) this is not a replacement for a standard antivirus application. It's a great tool to add another layer of protection to your existing antivirus application. It takes some time and knowledge to configure it for individual purposes, but once done, you should not have any problems with it.
There are so many reviews on YouTube and blogs about all these programs.
Keep in mind to choose carefully in order to avoid conflicts or instability caused by incompatible security programs.
Also having more than one "real-time" program can be a drain on your PC's efficiency, so please refrain from doing so.
 
If you like Comodo you should choose for yourself which version of Comodo you will use, 5 or 6. Personally I stick to version 5, at least for now.
COMODO V5 & V6 Users Count Poll

 

 

 

Be prepared for CryptoLocker:

 

 

CryptoLocker Ransomware Information Guide and FAQ

Cryptolocker Ransomware: What You Need To Know

 

Since prevention is better than cure, you can use gpedit (built into Windows) or CryptoPrevent (described in the first link) to secure the PC against this locker.

Another way is to use Comodo Firewall and to add all local disks to Protected Files and Folders.

Panda Antivirus Cloud added a new feature called data shield which should work as well (don't install it if you already have another antivirus solution on board).

You may want to check HitmanPro.Alert.CryptoGuard and install it to be safe when surfing the net.

 

 

 

Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:
 

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If an attachment ends in .exe, .com, .bat, .pif, .scr or .cmd, do not open it unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
    Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams.  For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if it is legitimate, you can use McAfee Siteadvisor to look up info on the site. Note: skip this advice if your antivirus has a Web Guard.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

 

 

Tweak your browsers
 
 
MOZILLA FIREFOX


To prevent further infections be sure to install the following add-ons NoScript and AdBlock Plus

 

Adblock Plus hides all those annoying (and potentially dangerous) advertisements on websites that try and tempt you to buy or download something. AdBlock not only speeds up your browsing and makes it easier on your eyes, but also makes it safer.

Adblock Plus can be found here.

NoScript is only for advanced users as it blocks all the interactive parts of a webpage, such as login options. Obviously you wouldn't want to block your ability to log on to your internet banking or your webmail, but thankfully you can tell NoScript to allow certain websites and block others. This is very useful to ensure that the website you're visiting is not trying to tempt you to interact with another, more dangerous website.

NoScript can be found here.

Google Chrome

If you like Google Chrome there are many similar extensions for this browser as well. Since I am not a Google Chrome user I can't tell you which of them are good and how they work. You should find out for yourself.

However, Google Chrome can block a lot of unknown malware because of its sandbox. Beware of the fact that Google Chrome doesn't provide master password protection for the passwords saved in the browser. Check this out: Google Chrome security flaw offers unrestricted password access

For Internet Explorer 9/10 read the articles below:

Security and privacy features in Internet Explorer 9
Enhanced Protected Mode
Use Tracking Protection in Internet Explorer
Security in Internet Explorer 10

Immunize your browsers with SpywareBlaster 5 and Spybot Search and Destroy 1.6

Also MBAM acquired the following software, Malwarebytes Anti-Exploit, and it should work with the most popular browsers. Beware that the product is in beta stage.

Changelog can be seen here and known issues here.

EMET is another great tool which should lock the PC against exploits (but it can cause some programs to stop working when the protection is enabled, so I would stick to Malwarebytes Anti-Exploit).

Disable the dangerous services you don't need and don't use, like Remote Registry, Server (this will disable file sharing), RemoteAccess etc. (if you don't feel comfortable changing the services configuration then please skip this step). It's a good idea to disable the autorun functionality using the following tool to prevent infections spreading from USB flash drives.

Make the extensions for known file types visible:

Be wary of files with a double extension such as jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like image.jpg.exe will appear to you as simply image.jpg. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first one. Check this out - Show or hide file name extensions.

Create an image of your system (you can use the built-in Windows software as well if you prefer)

  • Now that your PC is malware free it is a good idea to do a backup of all important files just in case something happens to it.
  • Macrium Reflect is a very good choice that enables you to create an image of your system drive which can be restored in case of problems.
  • The download link is here.
  • The tutorials can be found here.
  • Be sure to read the tutorial first.

Optimize Windows VISTA for better performance

Check this article for more information.

Follow this list and your potential for being infected again will reduce dramatically.

Safe Surfing! :)

Edited by B-boy/StyLe/, 03 January 2014 - 06:28 AM.
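The services, file-extension and double-extension points from the post above, turned into a read-only PowerShell audit. This is an added example, not part of the forum post or of any tool it links; the folder it scans (the user's Downloads) and the list of executable extensions it treats as dangerous are my assumptions.

```powershell
# Added audit script (not from the post above). It only reports, it changes nothing.

# 1. Services the post suggests disabling if unused. LanmanServer is the "Server" service.
$services = 'RemoteRegistry', 'LanmanServer', 'RemoteAccess'
foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { "$name : not present"; continue }
    # Get-WmiObject works back to PowerShell 2.0 (Vista era); StartType needs PS 5+.
    $mode = (Get-WmiObject Win32_Service -Filter "Name='$name'").StartMode
    "{0,-16} status={1,-8} startmode={2}" -f $name, $svc.Status, $mode
}

# 2. Is Explorer hiding extensions for known file types? 1 = hidden (the Windows default).
$adv  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hide = (Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
if ($hide -eq 1) { 'HideFileExt=1: known extensions are hidden, so image.jpg.exe displays as image.jpg' }
else             { 'HideFileExt=0: extensions are shown' }

# 3. Files whose visible "extension" is a decoy in front of an executable one (image.jpg.exe).
function Find-DoubleExtension {
    param([string]$Path = "$env:USERPROFILE\Downloads")   # assumed folder to check
    # Assumed list of extensions Windows will execute when double-clicked.
    $exec = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js', '.jse', '.wsf', '.msi'
    Get-ChildItem -Path $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object {
            $exec -contains $_.Extension.ToLower() -and
            # name without its real extension still ends in a short fake one, e.g. "image.jpg"
            [System.IO.Path]::GetFileNameWithoutExtension($_.Name) -match '\.[A-Za-z0-9]{2,4}$'
        } |
        Select-Object FullName, Length, LastWriteTime
}
Find-DoubleExtension
```

Run it from a normal (non-elevated) Windows PowerShell prompt; an empty result from the third step means no double-extension executables were found in the scanned folder.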

#15 Without_A_Monitor

Without_A_Monitor
  • Topic Starter

Posted 03 January 2014 - 03:57 PM

Wow, I am sincerely most grateful, Georgi. I downloaded, installed and updated both Adobe Reader and Flash Player. I additionally performed the actions that you listed for FRST, OTC and Delfix, although I still have Adwcleaner, JRT, HitmanPro, TDSSKiller and Tweaking.com Registry Backup. Is that okay? I didn't attempt to keep anything. I already had Adwcleaner, JRT and TDSSKiller before you started helping me. Is it alright if those programs remain? Additionally, what should I do with the WinDefender.reg and Beep.reg files? I also downloaded and installed Hitman.ProAlert.Cryptoguard. I changed several of my passwords, but should I change all of them as you suggested just to be safe? As for the rest of your most helpful list, is there anything that you strongly stress that I do? Once again, I am immensely thankful for all that you've done.





