
svchost.exe playing audio, found zeroaccess on my computer


  • This topic is locked
10 replies to this topic

#1 menorevs

menorevs

  • Members
  • 6 posts

Posted 02 January 2014 - 05:43 PM

Ran rkill.exe and it returned this

 

 * ALERT: ZEROACCESS rootkit symptoms found!
 
     * C:\Users\Johnny\AppData\Local\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\ [ZA Dir]
     * C:\Users\Johnny\AppData\Local\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\@ [ZA File]
     * C:\Users\Johnny\AppData\Local\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\L\ [ZA Dir]
     * C:\Users\Johnny\AppData\Local\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\U\ [ZA Dir]
     * C:\Users\Johnny\AppData\Local\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\U\80000064.@ [ZA File]
     * C:\Windows\Installer\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\ [ZA Dir]
     * C:\Windows\Installer\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\L\ [ZA Dir]
     * C:\Windows\Installer\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\U\ [ZA Dir]
 
 
I have tried some rootkit removal but still having the problems.  Just let me know what logs to post.  Thanks in advance!




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 02 January 2014 - 08:25 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Also

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt). Please post the log in your reply to me (you can use pastebin as well).

 

 

Regards,

Georgi




#3 menorevs

menorevs
  • Topic Starter

  • Members
  • 6 posts

Posted 02 January 2014 - 08:35 PM

Thank you Georgi for taking the time to look into this....

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2014
Ran by Johnny (administrator) on JOHNNY-PC on 02-01-2014 20:31:40
Running from C:\Users\Johnny\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apache Software Foundation) C:\AppServ\Apache2.2\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apache Software Foundation) C:\AppServ\Apache2.2\bin\httpd.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\AppServ\MySQL\bin\mysqld-nt.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Flux Software LLC) C:\Users\Johnny\AppData\Local\FluxSoftware\Flux\flux.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit-tray.exe
() C:\Program Files (x86)\No-IP\DUC30.exe
(Google Inc.) C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(APN LLC.) C:\Users\Johnny\AppData\Local\VNT\vntldr.exe
(Camshare, Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962720 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Seagate Scheduler2 Service] - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] - C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] - C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-11-08] (APN LLC.)
HKCU\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKCU\...\Run: [F.lux] - C:\Users\Johnny\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKCU\...\Run: [Fitbit Service Monitor] - C:\Program Files (x86)\Fitbit\fitbit-tray.exe [2177056 2012-06-22] (Fitbit, Inc.)
HKCU\...\Run: [Camfrog] - C:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNET.exe [53600 2013-06-24] (Camshare, Inc.)
HKU\Karen\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Karen\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
Startup: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x635D3A08712ECB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Ask Toolbar - {434D472D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CMG-V7\Passport.dll" No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {434D472D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CMG-V7\Passport.dll" No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} -  No File
Handler-x32: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} -  No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default
FF NewTab: hxxp://www.google.com
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nbc.com/DirectPlayer - C:\Program Files (x86)\NBC Direct\npDirectPlayerMozilla.dll No File
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Johnny\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Johnny\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Johnny\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Johnny\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Performance Cache - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\pgxfwdwfay@pgxfwdwfay.org.xpi
FF Extension: Ask Toolbar - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\toolbar_CMG-V7@apn.ask.com.xpi
FF Extension: Easy YouTube Video Downloader - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: Adblock Plus - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKCU\...\Firefox\Extensions: [{527A4AFE-CEA8-11E1-8270-B8AC6F996F26}] - C:\Users\Johnny\AppData\Local\{527A4AFE-CEA8-11E1-8270-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Johnny\AppData\Local\{527A4AFE-CEA8-11E1-8270-B8AC6F996F26}\
 
Chrome: 
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Johnny\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Johnny\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Johnny\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Johnny\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Johnny\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Johnny\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Google Docs) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Cast) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\13.1210.0.6_0
CHR Extension: (Google Search) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Social Fixer for Facebook) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_0
CHR Extension: (Skype Click to Call) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Google Wallet) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaajdkgnibfhemkjleoikkioeochldo] - C:\ProgramData\AskPartnerNetwork\Toolbar\CMGV7-SAT\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaajfdmjahpbdoeompbfmghniokhfji] - C:\ProgramData\AskPartnerNetwork\Toolbar\CMG-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com)
R2 Apache2.2; C:\AppServ\Apache2.2\bin\httpd.exe [24635 2008-01-17] (Apache Software Foundation)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [729088 2009-09-06] (FileZilla Project)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1200160 2012-11-09] (Fitbit, Inc.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [349184 2012-06-01] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 mysql; C:\AppServ\MySQL\my.ini [9573 2011-12-08] ()
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation)
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] ()
S2 HPSLPSVC; C:\Users\Johnny\AppData\Local\Temp\7zS66D0\hpslpsvc64.dll [x]
S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [164720 2009-06-18] (Microsoft Corporation)
S3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [151048 2009-09-10] (NCP Engineering GmbH)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [43792 2010-12-01] (Oracle Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-02-12] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 MFE_RR; \??\C:\Users\Johnny\AppData\Local\Temp\mfe_rr.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-02 20:31 - 2014-01-02 20:32 - 00023317 _____ C:\Users\Johnny\Desktop\FRST.txt
2014-01-02 20:31 - 2014-01-02 20:31 - 01931498 _____ (Farbar) C:\Users\Johnny\Desktop\FRST64.exe
2014-01-02 20:31 - 2014-01-02 20:31 - 00000000 ____D C:\FRST
2014-01-02 20:27 - 2014-01-02 20:27 - 00004149 _____ C:\Users\Johnny\Desktop\RKreport[0]_D_01022014_202739.txt
2014-01-02 20:27 - 2014-01-02 20:27 - 00004111 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_202727.txt
2014-01-02 20:05 - 2014-01-02 20:05 - 00002900 _____ C:\Users\Johnny\Desktop\RKreport[0]_DN_01022014_200504.txt
2014-01-02 20:04 - 2014-01-02 20:04 - 00004063 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_200429.txt
2014-01-02 19:56 - 2014-01-02 20:27 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00363584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00359552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcvmm.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00228272 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00217680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00210016 _____ (Acronis) C:\Windows\system32\Drivers\vididr.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00200272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpchbus.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00175664 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00156080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00141920 _____ (Acronis) C:\Windows\system32\Drivers\vsflt53.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcusb.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00071760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00066304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcnfltr.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00056688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00052304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00046672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00043792 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WSDPrint.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00021760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys.bak
2014-01-02 19:56 - 2014-01-02 19:56 - 00005189 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_195625.txt
2014-01-02 19:55 - 2014-01-02 20:27 - 14298944 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 01893224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 01653096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 01590688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00971360 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00374864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00312168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0104.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00311656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0103.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0102.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00311144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0105.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00307560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0101.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00303464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0100.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00275552 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00214096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00187264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00183872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00171600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00107288 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00104016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00075632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00062544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00057976 _____ (GFI Software) C:\Windows\system32\Drivers\SBREDrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00056208 _____ (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00045416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\point64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00034896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00031976 _____ (Silicon Laboratories) C:\Windows\system32\Drivers\SiLib.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00026856 _____ (Silicon Laboratories) C:\Windows\system32\Drivers\SiUSBXp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00022528 _____ (Apple Inc.) C:\Windows\system32\Drivers\netaapl64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 06379288 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvuvc64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00947776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00367168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00261120 _____ (Pinnacle Systems GmbH) C:\Windows\system32\Drivers\MarvinBus64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00255552 _____ (MagicISO, Inc.) C:\Windows\system32\Drivers\mcdbus.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00224832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00164720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00155216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00151048 _____ (NCP Engineering GmbH) C:\Windows\system32\Drivers\ncplelhp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00140352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00094784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00040832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpNWMon.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00030272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 09319936 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00751616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00459216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00334416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00327704 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvrs64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00306176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00304784 _____ C:\Windows\system32\Drivers\CVPNDRVA.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00290368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00287576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00215808 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emDevice64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00178752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00157968 _____ (Deterministic Networks, Inc.) C:\Windows\system32\Drivers\dne64x.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00155728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00152432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00095088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00079872 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emAudio64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00077888 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00045048 _____ (FabulaTech) C:\Windows\system32\Drivers\ftusbrdbus.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4usb.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00022896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4Prt.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00014992 _____ (Cisco Systems, Inc.) C:\Windows\system32\Drivers\CVirtA64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00014416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00006400 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emFilter64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00006144 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emScan64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2014-01-02 19:47 - 2014-01-02 19:47 - 00023357 _____ C:\ComboFix.txt
2014-01-02 19:15 - 2014-01-02 17:17 - 01805736 _____ (Symantec Corporation) C:\Users\Johnny\Desktop\FixZeroAccess.exe
2014-01-02 19:15 - 2014-01-02 17:13 - 00039735 _____ C:\Users\Johnny\Desktop\Result.txt
2014-01-02 19:15 - 2014-01-02 17:11 - 00760063 _____ (Farbar) C:\Users\Johnny\Desktop\MiniToolBox.exe
2014-01-02 19:15 - 2014-01-02 17:11 - 00000296 _____ C:\Users\Johnny\Desktop\RootkitRemover_20140102_171105.log
2014-01-02 19:15 - 2014-01-02 17:10 - 00782640 _____ (McAfee, Inc.) C:\Users\Johnny\Desktop\rootkitremover.exe
2014-01-02 19:15 - 2014-01-02 17:09 - 04101441 _____ C:\Users\Johnny\Desktop\tdsskiller.zip
2014-01-02 19:15 - 2014-01-02 17:04 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Johnny\Desktop\rkill.exe
2014-01-02 19:15 - 2014-01-02 16:45 - 03810304 _____ C:\Users\Johnny\Desktop\RogueKiller.exe
2014-01-02 19:15 - 2014-01-02 16:42 - 01233962 _____ C:\Users\Johnny\Desktop\AdwCleaner (1).exe
2014-01-02 17:18 - 2014-01-02 17:18 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-01-02 17:15 - 2014-01-02 17:15 - 00000000 ____D C:\Users\Johnny\AppData\Local\VNT
2014-01-02 17:02 - 2014-01-02 17:02 - 00001411 _____ C:\Users\Johnny\Desktop\RKreport[0]_SC_01022014_170212.txt
2014-01-02 16:54 - 2014-01-02 19:59 - 00000000 ____D C:\Users\Johnny\Desktop\RK_Quarantine
2014-01-02 15:18 - 2014-01-02 15:18 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 14:49 - 2014-01-02 14:49 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-02 14:49 - 2014-01-02 14:49 - 00000000 ____D C:\Users\Administrator
2014-01-02 14:49 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-02 14:49 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-02 14:34 - 2014-01-02 20:05 - 00043436 _____ C:\Windows\system32\peerblock.dmp
2014-01-02 14:32 - 2014-01-02 14:32 - 00000616 _____ C:\Users\Johnny\Desktop\ComboFix.exe - Shortcut.lnk
2014-01-02 08:40 - 2014-01-02 08:41 - 00000000 ____D C:\ea276f2f65a199760bc5b0
2014-01-02 08:36 - 2014-01-02 08:36 - 00037376 _____ C:\Windows\system32\uztfo.zuf
2014-01-02 08:25 - 2014-01-02 20:30 - 00000079 _____ C:\Windows\system32\jfjc.fgj
2014-01-02 08:25 - 2014-01-02 08:36 - 00000098 _____ C:\Windows\system32\ddrm.ezh
2014-01-02 08:25 - 2014-01-02 08:25 - 00000064 _____ C:\Windows\system32\cojj.dmq
2014-01-02 08:08 - 2014-01-02 08:08 - 00000000 ____S C:\Windows\system32\ssubni.ypz
2014-01-02 03:01 - 2014-01-02 03:02 - 00000000 ____D C:\99df9d4979cdc168ab0c
2014-01-02 01:28 - 2014-01-02 01:28 - 00000000 ____D C:\Users\Johnny\hsperfdata_Johnny
2014-01-02 01:28 - 2014-01-02 01:28 - 00000000 ____D C:\Users\Johnny\AppData\Local\Spring Tool Suite
2014-01-02 01:12 - 2014-01-02 01:14 - 00000000 ____D C:\Program Files\springsource
2014-01-01 03:01 - 2014-01-01 03:03 - 00000000 ____D C:\ef183e7b2d539f8e5445b63f864881ab
2013-12-31 03:01 - 2013-12-31 03:02 - 00000000 ____D C:\16dc6cff3c4df946f5f91b0cc0c6ab
2013-12-31 01:36 - 2013-12-31 03:03 - 19378702 _____ C:\Users\Johnny\Desktop\evasi0n7.exe
2013-12-30 22:00 - 2013-12-30 22:00 - 00000000 ____D C:\Users\Johnny\workspace
2013-12-30 21:59 - 2013-12-30 21:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-30 21:58 - 2014-01-02 01:06 - 00000000 ____D C:\Program Files\Java
2013-12-30 21:58 - 2013-12-30 21:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-30 21:58 - 2013-12-30 21:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-30 21:58 - 2013-12-30 21:58 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-30 19:20 - 2013-12-30 19:20 - 00000000 ____D C:\Development
2013-12-30 16:35 - 2013-12-30 16:35 - 00000000 ____D C:\Program Files (x86)\Camfrog
2013-12-30 16:28 - 2013-12-30 16:28 - 00219314 ____S C:\Windows\system32\tvlus.vvw
2013-12-28 18:53 - 2013-12-28 18:53 - 117548912 _____ C:\Users\Karen\Downloads\GoProStudioPC-2.0.0.285.exe
2013-12-28 18:48 - 2013-12-28 18:48 - 00000000 ____D C:\Users\Karen\Desktop\Master Card
2013-12-28 16:52 - 2014-01-02 03:03 - 00000000 ____D C:\Users\Karen\AppData\Local\{3E28A16D-0731-4846-B607-36155BF20472}
2013-12-20 14:33 - 2013-12-20 14:46 - 00000000 ____D C:\The Sing Off
2013-12-20 14:32 - 2013-12-20 14:32 - 00000000 ____D C:\Users\Johnny\Desktop\The sing off
2013-12-20 14:32 - 2013-12-20 14:32 - 00000000 ____D C:\Sing
2013-12-18 16:17 - 2013-12-18 16:17 - 00819816 _____ C:\Windows\Minidump\121813-31761-01.dmp
2013-12-17 15:14 - 2013-12-30 16:35 - 00002187 _____ C:\Users\Johnny\Desktop\Camfrog Video Chat 6.6.lnk
2013-12-17 15:14 - 2013-12-30 16:35 - 00000000 ____D C:\Users\Karen\AppData\Local\VNT
2013-12-17 15:14 - 2013-12-30 16:35 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-17 15:14 - 2013-12-17 15:14 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 6.6
2013-12-16 18:24 - 2013-12-16 18:24 - 00001973 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2013-12-16 18:15 - 2013-12-16 18:15 - 00002006 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-12-14 09:53 - 2013-12-18 10:13 - 00000000 ____D C:\Users\Karen\AppData\Local\{B80DA090-5252-4EAE-B0BC-99B7DF6FD324}
2013-12-07 22:51 - 2013-12-08 22:52 - 00000000 ____D C:\Users\Karen\AppData\Local\{2398BB77-C674-43F0-BC5A-8B79EB1EA87C}
2013-12-07 22:22 - 2013-12-07 22:25 - 00000000 ____D C:\Users\Karen\AppData\Local\Google
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Users\Johnny\Desktop\New folder (2)
2013-12-04 22:51 - 2013-12-04 22:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-04 22:49 - 2013-12-07 10:51 - 00000000 ____D C:\Users\Karen\AppData\Local\{FBB46CE0-1B40-42C4-8928-6891FA62D466}
2013-12-04 22:49 - 2013-12-04 22:49 - 00000000 ____D C:\Users\Karen\AppData\Local\Apple Computer
2013-12-04 22:48 - 2013-12-04 22:55 - 00000000 ____D C:\Users\Karen\AppData\Roaming\MediaMonkey
2013-12-04 22:48 - 2013-12-04 22:48 - 00000000 ____D C:\Users\Karen\AppData\Local\MediaMonkey
 
==================== One Month Modified Files and Folders =======
 
2014-01-02 20:32 - 2014-01-02 20:31 - 00023317 _____ C:\Users\Johnny\Desktop\FRST.txt
2014-01-02 20:32 - 2009-10-07 17:35 - 01261754 _____ C:\Windows\WindowsUpdate.log
2014-01-02 20:31 - 2014-01-02 20:31 - 01931498 _____ (Farbar) C:\Users\Johnny\Desktop\FRST64.exe
2014-01-02 20:31 - 2014-01-02 20:31 - 00000000 ____D C:\FRST
2014-01-02 20:31 - 2010-04-27 00:42 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000UA.job
2014-01-02 20:30 - 2014-01-02 08:25 - 00000079 _____ C:\Windows\system32\jfjc.fgj
2014-01-02 20:29 - 2013-11-19 19:20 - 00002756 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2014-01-02 20:29 - 2012-11-15 17:03 - 00000218 _____ C:\Windows\Tasks\AutoKMSDaily.job
2014-01-02 20:29 - 2012-11-15 17:03 - 00000218 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-02 20:29 - 2012-11-15 17:02 - 00151552 _____ C:\Windows\KMSEmulator.exe
2014-01-02 20:28 - 2013-10-08 09:35 - 00007646 _____ C:\Windows\setupact.log
2014-01-02 20:28 - 2009-10-08 02:06 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-02 20:28 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 20:27 - 2014-01-02 20:27 - 00004149 _____ C:\Users\Johnny\Desktop\RKreport[0]_D_01022014_202739.txt
2014-01-02 20:27 - 2014-01-02 20:27 - 00004111 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_202727.txt
2014-01-02 20:27 - 2014-01-02 19:56 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00363584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00359552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcvmm.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00228272 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00217680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00210016 _____ (Acronis) C:\Windows\system32\Drivers\vididr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00200272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpchbus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00175664 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00156080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00141920 _____ (Acronis) C:\Windows\system32\Drivers\vsflt53.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcusb.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00071760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00066304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcnfltr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00056688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00052304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00046672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00043792 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WSDPrint.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00021760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 14298944 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 01893224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 01653096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 01590688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00971360 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00374864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00312168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0104.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00311656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0103.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0102.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00311144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0105.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00307560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0101.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00303464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0100.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00275552 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00214096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00187264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00183872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00171600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00107288 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00104016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00075632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00062544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00057976 _____ (GFI Software) C:\Windows\system32\Drivers\SBREDrv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00056208 _____ (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00045416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\point64.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00034896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00031976 _____ (Silicon Laboratories) C:\Windows\system32\Drivers\SiLib.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00026856 _____ (Silicon Laboratories) C:\Windows\system32\Drivers\SiUSBXp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00022528 _____ (Apple Inc.) C:\Windows\system32\Drivers\netaapl64.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 06379288 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvuvc64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00947776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00367168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00261120 _____ (Pinnacle Systems GmbH) C:\Windows\system32\Drivers\MarvinBus64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00255552 _____ (MagicISO, Inc.) C:\Windows\system32\Drivers\mcdbus.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00224832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00164720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00155216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00151048 _____ (NCP Engineering GmbH) C:\Windows\system32\Drivers\ncplelhp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00140352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00094784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00040832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpNWMon.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00030272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 09319936 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00751616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00459216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00334416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00327704 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvrs64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00306176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00304784 _____ C:\Windows\system32\Drivers\CVPNDRVA.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00290368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00287576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00215808 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emDevice64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00178752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00157968 _____ (Deterministic Networks, Inc.) C:\Windows\system32\Drivers\dne64x.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00155728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00152432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00095088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00079872 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emAudio64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00077888 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00045048 _____ (FabulaTech) C:\Windows\system32\Drivers\ftusbrdbus.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4usb.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00022896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4Prt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00014992 _____ (Cisco Systems, Inc.) C:\Windows\system32\Drivers\CVirtA64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00014416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00006400 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emFilter64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00006144 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emScan64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2014-01-02 20:23 - 2009-07-14 00:13 - 00876886 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 20:15 - 2010-03-18 01:28 - 00000000 ____D C:\Users\Johnny\AppData\Local\Apps\2.0
2014-01-02 20:12 - 2009-07-13 23:45 - 00019792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 20:12 - 2009-07-13 23:45 - 00019792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 20:06 - 2013-10-16 08:47 - 00004336 _____ C:\Windows\PFRO.log
2014-01-02 20:05 - 2014-01-02 20:05 - 00002900 _____ C:\Users\Johnny\Desktop\RKreport[0]_DN_01022014_200504.txt
2014-01-02 20:05 - 2014-01-02 14:34 - 00043436 _____ C:\Windows\system32\peerblock.dmp
2014-01-02 20:05 - 2010-07-15 02:47 - 00000000 ____D C:\Program Files\PeerBlock
2014-01-02 20:04 - 2014-01-02 20:04 - 00004063 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_200429.txt
2014-01-02 19:59 - 2014-01-02 16:54 - 00000000 ____D C:\Users\Johnny\Desktop\RK_Quarantine
2014-01-02 19:59 - 2012-01-10 21:26 - 00000000 __SHD C:\Users\Johnny\AppData\Local\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}
2014-01-02 19:56 - 2014-01-02 19:56 - 00005189 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_195625.txt
2014-01-02 19:52 - 2013-07-31 13:08 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Johnny\Desktop\procexp.exe
2014-01-02 19:47 - 2014-01-02 19:47 - 00023357 _____ C:\ComboFix.txt
2014-01-02 19:47 - 2012-01-26 18:28 - 00000000 ____D C:\Qoobox
2014-01-02 19:44 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2014-01-02 19:18 - 2013-11-02 14:04 - 00000000 ____D C:\AdwCleaner
2014-01-02 18:53 - 2009-10-07 17:48 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B529D675-BBB8-40CA-AEFE-EBA5959014AF}
2014-01-02 17:18 - 2014-01-02 17:18 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-01-02 17:17 - 2014-01-02 19:15 - 01805736 _____ (Symantec Corporation) C:\Users\Johnny\Desktop\FixZeroAccess.exe
2014-01-02 17:15 - 2014-01-02 17:15 - 00000000 ____D C:\Users\Johnny\AppData\Local\VNT
2014-01-02 17:13 - 2014-01-02 19:15 - 00039735 _____ C:\Users\Johnny\Desktop\Result.txt
2014-01-02 17:11 - 2014-01-02 19:15 - 00760063 _____ (Farbar) C:\Users\Johnny\Desktop\MiniToolBox.exe
2014-01-02 17:11 - 2014-01-02 19:15 - 00000296 _____ C:\Users\Johnny\Desktop\RootkitRemover_20140102_171105.log
2014-01-02 17:10 - 2014-01-02 19:15 - 00782640 _____ (McAfee, Inc.) C:\Users\Johnny\Desktop\rootkitremover.exe
2014-01-02 17:09 - 2014-01-02 19:15 - 04101441 _____ C:\Users\Johnny\Desktop\tdsskiller.zip
2014-01-02 17:09 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Johnny\Desktop\TDSSKiller.exe
2014-01-02 17:04 - 2014-01-02 19:15 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Johnny\Desktop\rkill.exe
2014-01-02 17:02 - 2014-01-02 17:02 - 00001411 _____ C:\Users\Johnny\Desktop\RKreport[0]_SC_01022014_170212.txt
2014-01-02 16:51 - 2009-11-23 20:39 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2014-01-02 16:45 - 2014-01-02 19:15 - 03810304 _____ C:\Users\Johnny\Desktop\RogueKiller.exe
2014-01-02 16:45 - 2009-10-07 17:52 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\uTorrent
2014-01-02 16:42 - 2014-01-02 19:15 - 01233962 _____ C:\Users\Johnny\Desktop\AdwCleaner (1).exe
2014-01-02 15:18 - 2014-01-02 15:18 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 15:18 - 2010-04-12 19:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 15:08 - 2012-12-25 11:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2014-01-02 14:49 - 2014-01-02 14:49 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-02 14:49 - 2014-01-02 14:49 - 00000000 ____D C:\Users\Administrator
2014-01-02 14:33 - 2013-11-02 15:02 - 05160282 ____R (Swearware) C:\Users\Johnny\Desktop\ComboFix.exe
2014-01-02 14:32 - 2014-01-02 14:32 - 00000616 _____ C:\Users\Johnny\Desktop\ComboFix.exe - Shortcut.lnk
2014-01-02 11:13 - 2013-03-09 09:08 - 00000000 ____D C:\Users\Karen\Tracing
2014-01-02 08:41 - 2014-01-02 08:40 - 00000000 ____D C:\ea276f2f65a199760bc5b0
2014-01-02 08:36 - 2014-01-02 08:36 - 00037376 _____ C:\Windows\system32\uztfo.zuf
2014-01-02 08:36 - 2014-01-02 08:25 - 00000098 _____ C:\Windows\system32\ddrm.ezh
2014-01-02 08:31 - 2010-04-27 00:42 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000Core.job
2014-01-02 08:25 - 2014-01-02 08:25 - 00000064 _____ C:\Windows\system32\cojj.dmq
2014-01-02 08:08 - 2014-01-02 08:08 - 00000000 ____S C:\Windows\system32\ssubni.ypz
2014-01-02 07:54 - 2009-10-18 22:22 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Skype
2014-01-02 03:26 - 2009-10-07 19:23 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Camfrog
2014-01-02 03:03 - 2013-12-28 16:52 - 00000000 ____D C:\Users\Karen\AppData\Local\{3E28A16D-0731-4846-B607-36155BF20472}
2014-01-02 03:02 - 2014-01-02 03:01 - 00000000 ____D C:\99df9d4979cdc168ab0c
2014-01-02 03:02 - 2009-10-09 02:50 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\FileZilla
2014-01-02 02:00 - 2010-10-13 16:30 - 00000000 ____D C:\Users\Johnny\AppData\Local\Adobe
2014-01-02 01:28 - 2014-01-02 01:28 - 00000000 ____D C:\Users\Johnny\hsperfdata_Johnny
2014-01-02 01:28 - 2014-01-02 01:28 - 00000000 ____D C:\Users\Johnny\AppData\Local\Spring Tool Suite
2014-01-02 01:28 - 2009-10-07 17:39 - 00000000 ____D C:\Users\Johnny
2014-01-02 01:14 - 2014-01-02 01:12 - 00000000 ____D C:\Program Files\springsource
2014-01-02 01:06 - 2013-12-30 21:58 - 00000000 ____D C:\Program Files\Java
2014-01-01 12:48 - 2013-12-02 23:24 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\MediaMonkey
2014-01-01 03:03 - 2014-01-01 03:01 - 00000000 ____D C:\ef183e7b2d539f8e5445b63f864881ab
2013-12-31 03:31 - 2013-10-02 19:16 - 00000000 ____D C:\Users\Johnny\Desktop\MayaShop_WordPress_Theme
2013-12-31 03:03 - 2013-12-31 01:36 - 19378702 _____ C:\Users\Johnny\Desktop\evasi0n7.exe
2013-12-31 03:02 - 2013-12-31 03:01 - 00000000 ____D C:\16dc6cff3c4df946f5f91b0cc0c6ab
2013-12-31 03:02 - 2012-04-01 18:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-31 03:02 - 2011-08-08 12:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-30 22:00 - 2013-12-30 22:00 - 00000000 ____D C:\Users\Johnny\workspace
2013-12-30 22:00 - 2013-10-02 16:39 - 00000000 ____D C:\Users\Johnny\.android
2013-12-30 21:59 - 2013-10-16 14:19 - 00000000 ____D C:\ProgramData\Oracle
2013-12-30 21:58 - 2013-12-30 21:59 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-30 21:58 - 2013-12-30 21:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-30 21:58 - 2013-12-30 21:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-30 21:58 - 2013-12-30 21:58 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-30 19:20 - 2013-12-30 19:20 - 00000000 ____D C:\Development
2013-12-30 16:35 - 2013-12-30 16:35 - 00000000 ____D C:\Program Files (x86)\Camfrog
2013-12-30 16:35 - 2013-12-17 15:14 - 00002187 _____ C:\Users\Johnny\Desktop\Camfrog Video Chat 6.6.lnk
2013-12-30 16:35 - 2013-12-17 15:14 - 00000000 ____D C:\Users\Karen\AppData\Local\VNT
2013-12-30 16:35 - 2013-12-17 15:14 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-30 16:28 - 2013-12-30 16:28 - 00219314 ____S C:\Windows\system32\tvlus.vvw
2013-12-28 18:53 - 2013-12-28 18:53 - 117548912 _____ C:\Users\Karen\Downloads\GoProStudioPC-2.0.0.285.exe
2013-12-28 18:48 - 2013-12-28 18:48 - 00000000 ____D C:\Users\Karen\Desktop\Master Card
2013-12-26 17:22 - 2011-07-30 15:40 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\vlc
2013-12-20 14:46 - 2013-12-20 14:33 - 00000000 ____D C:\The Sing Off
2013-12-20 14:32 - 2013-12-20 14:32 - 00000000 ____D C:\Users\Johnny\Desktop\The sing off
2013-12-20 14:32 - 2013-12-20 14:32 - 00000000 ____D C:\Sing
2013-12-18 16:17 - 2013-12-18 16:17 - 00819816 _____ C:\Windows\Minidump\121813-31761-01.dmp
2013-12-18 16:17 - 2013-10-16 08:47 - 964584465 _____ C:\Windows\MEMORY.DMP
2013-12-18 16:17 - 2009-11-09 17:18 - 00000000 ____D C:\Windows\Minidump
2013-12-18 16:17 - 2009-07-14 00:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-18 10:13 - 2013-12-14 09:53 - 00000000 ____D C:\Users\Karen\AppData\Local\{B80DA090-5252-4EAE-B0BC-99B7DF6FD324}
2013-12-17 15:14 - 2013-12-17 15:14 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 6.6
2013-12-16 18:24 - 2013-12-16 18:24 - 00001973 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2013-12-16 18:24 - 2013-08-27 22:59 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Samsung
2013-12-16 18:22 - 2013-08-27 22:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-12-16 18:22 - 2009-10-08 02:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-16 18:21 - 2011-07-29 10:41 - 00000000 ____D C:\Users\Johnny\AppData\Local\Downloaded Installations
2013-12-16 18:15 - 2013-12-16 18:15 - 00002006 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-12-16 14:43 - 2009-10-08 01:46 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Mozilla
2013-12-15 03:05 - 2013-08-15 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:01 - 2009-10-08 02:03 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 09:39 - 2009-10-30 01:07 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\.purple
2013-12-11 03:01 - 2010-04-09 08:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-08 22:52 - 2013-12-07 22:51 - 00000000 ____D C:\Users\Karen\AppData\Local\{2398BB77-C674-43F0-BC5A-8B79EB1EA87C}
2013-12-07 22:25 - 2013-12-07 22:22 - 00000000 ____D C:\Users\Karen\AppData\Local\Google
2013-12-07 22:25 - 2009-10-07 19:38 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-07 10:51 - 2013-12-04 22:49 - 00000000 ____D C:\Users\Karen\AppData\Local\{FBB46CE0-1B40-42C4-8928-6891FA62D466}
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Users\Johnny\Desktop\New folder (2)
2013-12-05 14:43 - 2012-03-05 13:53 - 00000000 ____D C:\Program Files (x86)\Fitbit
2013-12-04 22:55 - 2013-12-04 22:48 - 00000000 ____D C:\Users\Karen\AppData\Roaming\MediaMonkey
2013-12-04 22:53 - 2013-03-09 09:07 - 00000000 ____D C:\Users\Karen\AppData\Roaming\Apple Computer
2013-12-04 22:52 - 2010-05-03 04:28 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Mp3tag
2013-12-04 22:51 - 2013-12-04 22:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-04 22:49 - 2013-12-04 22:49 - 00000000 ____D C:\Users\Karen\AppData\Local\Apple Computer
2013-12-04 22:48 - 2013-12-04 22:48 - 00000000 ____D C:\Users\Karen\AppData\Local\MediaMonkey
2013-12-03 08:26 - 2010-04-27 00:42 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000UA
2013-12-03 08:26 - 2010-04-27 00:42 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000Core
 
Files to move or delete:
====================
C:\Users\Johnny\usbit.exe
 
 
Some content of TEMP:
====================
C:\Users\Johnny\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 03:01
 
==================== End Of Log ============================


#4 menorevs

Posted 02 January 2014 - 08:36 PM

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-01-2014
Ran by Johnny at 2014-01-02 20:33:47
Running from C:\Users\Johnny\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Disabled - Up to date) {2E6C4BAB-3371-CD46-62DC-0E0A86B42619}
AS: Microsoft Security Essentials (Disabled - Up to date) {950DAA4F-154B-C2C8-586C-3578FD336CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x32 Version:  - )
Active@ KillDisk (x32 Version: 7.0.4 - LSoft Technologies)
ActivePerl 5.10.1 Build 1007 (64-bit) (Version: 5.10.1007 - ActiveState)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (x32 Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 11.6 (x32 Version: 11.6.4.634 - Adobe Systems, Inc.)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (x32 Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Alpha SF Software Resource Explorer V1.2 (x32 Version:  - )
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AppServ 2.5.10 (remove only) (x32 Version:  - )
Ask Shopping Toolbar (x32 Version: 12.7.0.2448 - APN, LLC) <==== ATTENTION
Ask Toolbar (x32 Version: 12.7.0.2279 - APN, LLC) <==== ATTENTION
Audacity 2.0.3 (x32 Version: 2.0.3 - Audacity Team)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Camfrog Video Chat 6.6 (x32 Version: 6.6.336 - Camshare, Inc.)
CCleaner (Version: 3.16 - Piriform)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7 - Cisco Systems, Inc.)
CutePDF Writer 3.0 (Version:  3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (x32 Version:  - NCH Software)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (Version:  - Microsoft)
Defraggler (Version: 2.15 - Piriform)
DiskAid 5.06 (x32 Version: 5.06 - DigiDNA)
DVD Decrypter (Remove Only) (x32 Version:  - )
DVD Shrink 3.2 (x32 Version:  - DVD Shrink)
f.lux (HKCU Version:  - )
Feedback Tool (x32 Version: 1.1.0 - Microsoft Corporation)
Feedback Tool (x32 Version: 1.2.0 - Microsoft Corporation)
ffdshow [rev 2527] [2008-12-19] (x32 Version: 1.0 - )
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
FileZilla Server (remove only) (x32 Version:  - )
Fitbit Base Station (Driver Removal) (x32 Version:  - Fitbit)
Fitbit Connect (x32 Version: 1.0.0.2292 - Fitbit Inc.)
Fitbit v2.1.0.9 (x32 Version: 2.1.0.9 - Fitbit, Inc.)
Foxit PDF Editor (x32 Version:  - )
Foxit Phantom (Version: 1.0.0901 - Foxit Software Company)
Foxit Reader (x32 Version: 3.1.2.1013 - Foxit Software Company)
Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.)
Google Gmail Notifier (x32 Version:  - Google Inc.)
Google Talk Plugin (x32 Version: 3.2.4.8431 - Google)
GTK+ Runtime 2.14.7 rev a (remove only) (x32 Version:  - )
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
HP USB Disk Storage Format Tool (x32 Version:  - )
iCloud (Version: 2.1.0.39 - Apple Inc.)
Intel® Processor ID Utility (x32 Version: 4.20.0000 - Intel® Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (Version: 1.7.0.450 - Oracle)
join.me (HKCU Version: 1.10.1.253 - LogMeIn, Inc.)
Kinovea (x32 Version: 0.8.15 - Kinovea)
K-Lite Codec Pack 5.1.0 (64-bit) (Version: 5.1.0 - )
LinuxLive USB Creator (x32 Version: 2.8 - Thibaut Lauziere)
Logitech QuickCam Software (x32 Version: 8.47.0000 - Logitech, Inc.)
Macro Recorder (HKCU Version: 5.0.0.126 - Jitbit Macro Recorder)
Magic ISO Maker v5.5 (build 0265) (x32 Version:  - )
MagicDisc 2.7.106 (x32 Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaMonkey 4.0 (x32 Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (x32 Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Beta English (x32 Version: 3.5.8044.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 14.0.1 (x86 en-US) (x32 Version: 14.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 14.0.1 - Mozilla)
Mp3tag v2.58 (x32 Version: v2.58 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MYTRAK Manager Installer (x32 Version: 6.0.0.0 - MYTRAK Health System Inc.)
MYTRAK Manager Installer (x32 Version: 6.0.0.0 - MYTRAK Health System Inc.) Hidden
Nitro Reader 3 (Version: 3.0.6.3 - Nitro)
No-IP DUC (x32 Version: 3.0.4 - Vitalwerks Internet Solutions LLC)
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42 - NVIDIA Corporation)
NVIDIA Control Panel 301.42 (Version: 301.42 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 301.42 (Version: 301.42 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.75.420 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0209 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0209 (Version: 9.12.0209 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0142 - NVIDIA Corporation) Hidden
NVIDIA Update 1.7.11 (Version: 1.7.11 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.11 - NVIDIA Corporation) Hidden
Oracle VM VirtualBox 4.0.4 (Version: 4.0.4 - Oracle Corporation)
Partition Wizard Home Edition 5.0 (x32 Version:  - MT Solution Ltd.)
PC Inspector File Recovery (x32 Version: 4.0 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.1 (r518) (Version: 1.1.0.518 - PeerBlock, LLC)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PicPick (x32 Version: 3.2.4 - NTeWORKS)
Pidgin (x32 Version: 2.6.3 - )
Pinnacle Instant DVD Recorder (x32 Version: 2.5.0.092 - Pinnacle Systems)
Pinnacle Video Driver (Version: 12.1.0.029 - Pinnacle Systems)
Poker Dominicano (x32 Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (x32 Version: 5 - Nitro PDF Software)
PS3 Media Server (x32 Version: 1.72.0 - PS3 Media Server)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5772 - Realtek Semiconductor Corp.)
Rosetta Stone Ltd Services (x32 Version: 3.2.17 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (x32 Version: 4.1.1 - Rosetta Stone, Ltd) Hidden
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd)
Rosetta Stone TOTALe (x32 Version: 4.1.15.1 - Rosetta Stone, Ltd) Hidden
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (x32 Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Seagate DiscWizard (x32 Version: 13.0.14387 - Seagate)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype Click to Call (x32 Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Smile Camera Setup (x32 Version: 1.0.0 - Brightwell)
SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1312.2 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
SQL Server System CLR Types (x32 Version: 10.50.1312.2 - Microsoft Corporation)
SUPERAntiSpyware (Version: 5.0.1150 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TagScanner 5.1.612 (x32 Version:  - Sergey Serkov)
TouchCopy 09 (x32 Version: 9.99 - Wide Angle Software)
TreeSize Free V2.7 (x32 Version: 2.7 - JAM Software)
TreeSize Professional V5.5.5 (x32 Version: 5.5.5 - JAM Software)
Tunatic (x32 Version:  - )
TurboTax 2011 (x32 Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0495 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wmdiper (x32 Version: 011.000.1615 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (x32 Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wmdiper (x32 Version: 012.000.1393 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
Universal Extractor 1.6.1 (x32 Version: 1.6.1 - Jared Breland)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (Version:  - Microsoft)
USB for Remote Desktop (Server) 2.8 (x32 Version: 2.8.0.5 - FabulaTech) Hidden
USB over Network (Server) 4.4 (x32 Version: 4.4.0.8 - FabulaTech) Hidden
VLC media player 2.0.2 (x32 Version: 2.0.2 - VideoLAN)
Vz In Home Agent (x32 Version: 7.01.20 - Verizon)
WampServer 2.4 (x32 Version:  - Hervé Leclerc (HeL))
WhoCrashed 2.00 (Version:  - Resplendence Software Projects Sp.)
Windows Driver Package - Mytrakhealth System Inc. (WinUSB) MytrakhealthDevice  (10/02/2009 2.0.0) (Version: 10/02/2009 2.0.0 - Mytrakhealth System Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 6.0.6000.16386 (x32 Version:  - Microsoft Corporation)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)
WinRAR archiver (Version:  - )
WinSCP 4.2.8 (x32 Version: 4.2.8 - Martin Prikryl)
Wireshark 1.4.1 (x32 Version: 1.4.1 - The Wireshark developer community, http://www.wireshark.org)
Yahoo! Messenger (x32 Version:  - Yahoo! Inc.)
Yahoo! Software Update (x32 Version:  - )
 
==================== Restore Points  =========================
 
27-12-2013 08:00:33 Windows Update
28-12-2013 08:00:30 Windows Update
29-12-2013 08:00:31 Windows Update
30-12-2013 08:00:44 Windows Update
31-12-2013 02:41:55 Removed Java 7 Update 45
31-12-2013 02:43:46 Installed Java 7 Update 45
31-12-2013 02:56:35 Removed Java 7 Update 45
31-12-2013 02:57:42 Installed Java 7 Update 45 (64-bit)
31-12-2013 08:00:26 Windows Update
01-01-2014 08:00:19 Windows Update
02-01-2014 06:05:57 Installed Java SE Development Kit 7 Update 45 (64-bit)
02-01-2014 08:00:12 Windows Update
02-01-2014 13:39:53 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2014-01-02 20:05 - 00000741 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0DF69603-160E-4551-A235-5F860CBA970F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000Core => C:\Users\Johnny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.)
Task: {14ACA784-FB97-4C76-923C-B576F0151EA1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000UA => C:\Users\Johnny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22] (Google Inc.)
Task: {30660A73-A04A-4CA0-9DBB-009988078D26} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-11-15] ()
Task: {5E6FA076-EC65-4987-BD70-FC59E45A1DBA} - System32\Tasks\{616FD94D-75B3-4820-92FB-BF96AE08F65A} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {6F4A1874-ED87-4AAD-A9FE-4A155C424C3C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A32DA528-5D1F-41EA-A62B-8A328DF8B712} - System32\Tasks\AdobeAAMUpdater-1.0-Johnny-PC-Johnny => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {B45F9286-C83C-4E1F-961B-B4B8FDDD2AFC} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01] (Microsoft Corporation)
Task: {F58DF195-2E4D-4367-A3F4-A82C0C588054} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe [2012-11-15] ()
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000Core.job => C:\Users\Johnny\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000UA.job => C:\Users\Johnny\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-11-28 16:37 - 2012-11-28 16:37 - 00954256 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2009-10-07 18:30 - 2009-08-16 16:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-12-05 00:34 - 2013-12-03 21:47 - 00702416 _____ () C:\Users\Johnny\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 00:34 - 2013-12-03 21:47 - 00099792 _____ () C:\Users\Johnny\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 00:34 - 2013-12-03 21:48 - 04055504 _____ () C:\Users\Johnny\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 00:34 - 2013-12-03 21:48 - 00399312 _____ () C:\Users\Johnny\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 00:34 - 2013-12-03 21:47 - 01619408 _____ () C:\Users\Johnny\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:lZtboGD3taniUbNn7JZ7YcN
AlternateDataStreams: C:\Program Files\Common Files\System:UuT2QAkehTzpc1G8MERnf1nEf3
AlternateDataStreams: C:\ProgramData\Microsoft:6yLOJ80jV92gr02B391ry8T
AlternateDataStreams: C:\ProgramData\Microsoft:9YH1gyWy0OY4yNq9TvOitPSmv
AlternateDataStreams: C:\ProgramData\Microsoft:CRoGfloKpcZKgcmEgDgEeU
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8
AlternateDataStreams: C:\Users\Johnny\Local Settings:efkzyp70RAFQYnnMHxr9IO
AlternateDataStreams: C:\Users\Johnny\AppData\Local:efkzyp70RAFQYnnMHxr9IO
AlternateDataStreams: C:\Users\Johnny\AppData\Local\Application Data:efkzyp70RAFQYnnMHxr9IO
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2014 08:15:10 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
 
Details:
This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (01/02/2014 04:45:50 PM) (Source: MsiInstaller) (User: Johnny-PC)
Description: Product: Ask Shopping Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome
 
Error: (01/02/2014 02:55:08 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (01/02/2014 02:55:08 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:55:08 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:38:40 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (01/02/2014 02:38:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:38:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (12/31/2013 03:01:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,
 
Error: (12/31/2013 03:01:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: SHELL32.dll, version: 6.1.7600.17038, time stamp: 0x4fd2dd43
Exception code: 0xc0000005
Fault offset: 0x0000000000186841
Faulting process id: 0xe9c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
 
System errors:
=============
Error: (01/02/2014 08:31:18 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (01/02/2014 08:31:18 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/02/2014 08:31:01 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (01/02/2014 08:29:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/02/2014 08:28:58 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with the following error: 
%%4203
 
Error: (01/02/2014 08:26:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/02/2014 08:26:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/02/2014 08:26:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/02/2014 08:26:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/02/2014 08:26:20 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (01/02/2014 08:15:10 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)
 
Error: (01/02/2014 04:45:50 PM) (Source: MsiInstaller)(User: Johnny-PC)
Description: Product: Ask Shopping Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/02/2014 02:55:08 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
 
Error: (01/02/2014 02:55:08 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:55:08 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:38:40 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
 
Error: (01/02/2014 02:38:39 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:38:39 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (12/31/2013 03:01:17 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,  (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/31/2013 03:01:09 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.167684d688122SHELL32.dll6.1.7600.170384fd2dd43c00000050000000000186841e9c01cf0189d0c024e2C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dllb47d541d-71f1-11e3-98e3-001e0b31a79a
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-02 15:08:46.682
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-02 15:08:46.541
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-02 15:08:46.401
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-02 15:08:46.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-28 20:07:30.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-26 08:44:19.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-26 08:32:17.318
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-24 08:38:45.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-24 06:09:52.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-24 06:01:59.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 8191.37 MB
Available physical RAM: 6000.49 MB
Total Pagefile: 16380.87 MB
Available Pagefile: 13836.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:466.62 GB) (Free:347.35 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:2794.3 GB) (Free:2351.94 GB) NTFS
Drive f: (Windows8) (Fixed) (Total:464.79 GB) (Free:439.45 GB) NTFS
Drive g: (20060514_211414) (CDROM) (Total:3.62 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B826B826)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=467 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2795 GB) (Disk ID: 000C1E48)
 
Partition: GPT Partition Type
==================== End Of Log ============================


#5 menorevs

Posted 02 January 2014 - 08:39 PM

Search: rpcss.dll

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2014
Ran by Johnny (administrator) on JOHNNY-PC on 02-01-2014 20:36:08
Running from C:\Users\Johnny\Desktop
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apache Software Foundation) C:\AppServ\Apache2.2\bin\httpd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apache Software Foundation) C:\AppServ\Apache2.2\bin\httpd.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla server.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\AppServ\MySQL\bin\mysqld-nt.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(Flux Software LLC) C:\Users\Johnny\AppData\Local\FluxSoftware\Flux\flux.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit-tray.exe
() C:\Program Files (x86)\No-IP\DUC30.exe
(Google Inc.) C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(APN LLC.) C:\Users\Johnny\AppData\Local\VNT\vntldr.exe
(Camshare, Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(Google Inc.) C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6962720 2009-01-06] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Seagate Scheduler2 Service] - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] - C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] - C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-11-08] (APN LLC.)
HKCU\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2646128 2010-11-06] (PeerBlock, LLC)
HKCU\...\Run: [F.lux] - C:\Users\Johnny\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKCU\...\Run: [Fitbit Service Monitor] - C:\Program Files (x86)\Fitbit\fitbit-tray.exe [2177056 2012-06-22] (Fitbit, Inc.)
HKCU\...\Run: [Camfrog] - C:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNET.exe [53600 2013-06-24] (Camshare, Inc.)
HKU\Karen\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKU\Karen\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
Startup: C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x635D3A08712ECB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Ask Toolbar - {434D472D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CMG-V7\Passport.dll" No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {434D472D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CMG-V7\Passport.dll" No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} -  No File
Handler-x32: ebahn - {8D32BA61-D15B-11d4-894B-000000000000} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: x-mem3 - {4F6D06DD-44AB-4F89-BF13-9027B505B15A} -  No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default
FF NewTab: hxxp://www.google.com
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nbc.com/DirectPlayer - C:\Program Files (x86)\NBC Direct\npDirectPlayerMozilla.dll No File
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Johnny\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Johnny\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Johnny\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Johnny\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Performance Cache - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\pgxfwdwfay@pgxfwdwfay.org.xpi
FF Extension: Ask Toolbar - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\toolbar_CMG-V7@apn.ask.com.xpi
FF Extension: Easy YouTube Video Downloader - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: Adblock Plus - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKCU\...\Firefox\Extensions: [{527A4AFE-CEA8-11E1-8270-B8AC6F996F26}] - C:\Users\Johnny\AppData\Local\{527A4AFE-CEA8-11E1-8270-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Johnny\AppData\Local\{527A4AFE-CEA8-11E1-8270-B8AC6F996F26}\
 
Chrome: 
=======
CHR HomePage: hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Johnny\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Johnny\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Johnny\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Johnny\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Johnny\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java™ Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Johnny\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (Google Docs) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Cast) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\13.1210.0.6_0
CHR Extension: (Google Search) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Social Fixer for Facebook) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb\9.0_0
CHR Extension: (Skype Click to Call) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Google Wallet) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Johnny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaajdkgnibfhemkjleoikkioeochldo] - C:\ProgramData\AskPartnerNetwork\Toolbar\CMGV7-SAT\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaajfdmjahpbdoeompbfmghniokhfji] - C:\ProgramData\AskPartnerNetwork\Toolbar\CMG-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Johnny\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2011-08-11] (SUPERAntiSpyware.com)
R2 Apache2.2; C:\AppServ\Apache2.2\bin\httpd.exe [24635 2008-01-17] (Apache Software Foundation)
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [729088 2009-09-06] (FileZilla Project)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1200160 2012-11-09] (Fitbit, Inc.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [349184 2012-06-01] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 mysql; C:\AppServ\MySQL\my.ini [9573 2011-12-08] ()
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation)
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] ()
S2 HPSLPSVC; C:\Users\Johnny\AppData\Local\Temp\7zS66D0\hpslpsvc64.dll [x]
S3 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 libusb0; C:\Windows\SysWow64\drivers\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [164720 2009-06-18] (Microsoft Corporation)
S3 ncplelhp; C:\Windows\System32\DRIVERS\ncplelhp.sys [151048 2009-09-10] (NCP Engineering GmbH)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [43792 2010-12-01] (Oracle Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2013-02-12] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 MFE_RR; \??\C:\Users\Johnny\AppData\Local\Temp\mfe_rr.sys [x]
S3 vpnva; system32\DRIVERS\vpnva64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-02 20:33 - 2014-01-02 20:34 - 00039628 _____ C:\Users\Johnny\Desktop\Addition.txt
2014-01-02 20:31 - 2014-01-02 20:36 - 00023387 _____ C:\Users\Johnny\Desktop\FRST.txt
2014-01-02 20:31 - 2014-01-02 20:31 - 01931498 _____ (Farbar) C:\Users\Johnny\Desktop\FRST64.exe
2014-01-02 20:31 - 2014-01-02 20:31 - 00000000 ____D C:\FRST
2014-01-02 20:27 - 2014-01-02 20:27 - 00004149 _____ C:\Users\Johnny\Desktop\RKreport[0]_D_01022014_202739.txt
2014-01-02 20:27 - 2014-01-02 20:27 - 00004111 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_202727.txt
2014-01-02 20:05 - 2014-01-02 20:05 - 00002900 _____ C:\Users\Johnny\Desktop\RKreport[0]_DN_01022014_200504.txt
2014-01-02 20:04 - 2014-01-02 20:04 - 00004063 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_200429.txt
2014-01-02 19:56 - 2014-01-02 20:27 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00363584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00359552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcvmm.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00228272 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00217680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00210016 _____ (Acronis) C:\Windows\system32\Drivers\vididr.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00200272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpchbus.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00175664 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00156080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00141920 _____ (Acronis) C:\Windows\system32\Drivers\vsflt53.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcusb.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00071760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00066304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcnfltr.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00056688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00052304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00046672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00043792 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WSDPrint.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00021760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-01-02 19:56 - 2014-01-02 20:27 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys.bak
2014-01-02 19:56 - 2014-01-02 19:56 - 00005189 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_195625.txt
2014-01-02 19:55 - 2014-01-02 20:27 - 14298944 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 01893224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 01653096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 01590688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00971360 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00374864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00312168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0104.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00311656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0103.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0102.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00311144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0105.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00307560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0101.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00303464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0100.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00275552 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00214096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00187264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00183872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00171600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00107288 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00104016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00075632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00062544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00057976 _____ (GFI Software) C:\Windows\system32\Drivers\SBREDrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00056208 _____ (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00045416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\point64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00034896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00031976 _____ (Silicon Laboratories) C:\Windows\system32\Drivers\SiLib.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00026856 _____ (Silicon Laboratories) C:\Windows\system32\Drivers\SiUSBXp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00022528 _____ (Apple Inc.) C:\Windows\system32\Drivers\netaapl64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2014-01-02 19:55 - 2014-01-02 20:27 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 06379288 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvuvc64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00947776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00367168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00261120 _____ (Pinnacle Systems GmbH) C:\Windows\system32\Drivers\MarvinBus64.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00255552 _____ (MagicISO, Inc.) C:\Windows\system32\Drivers\mcdbus.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00224832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00164720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00155216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00151048 _____ (NCP Engineering GmbH) C:\Windows\system32\Drivers\ncplelhp.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00140352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00094784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00040832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpNWMon.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00030272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-01-02 19:55 - 2014-01-02 20:26 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 09319936 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00751616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00459216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00334416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00327704 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvrs64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00306176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00304784 _____ C:\Windows\system32\Drivers\CVPNDRVA.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00290368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00287576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00215808 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emDevice64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00178752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00157968 _____ (Deterministic Networks, Inc.) C:\Windows\system32\Drivers\dne64x.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00155728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00152432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00095088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00079872 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emAudio64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00077888 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00045048 _____ (FabulaTech) C:\Windows\system32\Drivers\ftusbrdbus.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4usb.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00022896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4Prt.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00014992 _____ (Cisco Systems, Inc.) C:\Windows\system32\Drivers\CVirtA64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00014416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00006400 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emFilter64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00006144 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emScan64.sys.bak
2014-01-02 19:54 - 2014-01-02 20:26 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2014-01-02 19:47 - 2014-01-02 19:47 - 00023357 _____ C:\ComboFix.txt
2014-01-02 19:15 - 2014-01-02 17:17 - 01805736 _____ (Symantec Corporation) C:\Users\Johnny\Desktop\FixZeroAccess.exe
2014-01-02 19:15 - 2014-01-02 17:13 - 00039735 _____ C:\Users\Johnny\Desktop\Result.txt
2014-01-02 19:15 - 2014-01-02 17:11 - 00760063 _____ (Farbar) C:\Users\Johnny\Desktop\MiniToolBox.exe
2014-01-02 19:15 - 2014-01-02 17:11 - 00000296 _____ C:\Users\Johnny\Desktop\RootkitRemover_20140102_171105.log
2014-01-02 19:15 - 2014-01-02 17:10 - 00782640 _____ (McAfee, Inc.) C:\Users\Johnny\Desktop\rootkitremover.exe
2014-01-02 19:15 - 2014-01-02 17:09 - 04101441 _____ C:\Users\Johnny\Desktop\tdsskiller.zip
2014-01-02 19:15 - 2014-01-02 17:04 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Johnny\Desktop\rkill.exe
2014-01-02 19:15 - 2014-01-02 16:45 - 03810304 _____ C:\Users\Johnny\Desktop\RogueKiller.exe
2014-01-02 19:15 - 2014-01-02 16:42 - 01233962 _____ C:\Users\Johnny\Desktop\AdwCleaner (1).exe
2014-01-02 17:18 - 2014-01-02 17:18 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-01-02 17:15 - 2014-01-02 17:15 - 00000000 ____D C:\Users\Johnny\AppData\Local\VNT
2014-01-02 17:02 - 2014-01-02 17:02 - 00001411 _____ C:\Users\Johnny\Desktop\RKreport[0]_SC_01022014_170212.txt
2014-01-02 16:54 - 2014-01-02 19:59 - 00000000 ____D C:\Users\Johnny\Desktop\RK_Quarantine
2014-01-02 15:18 - 2014-01-02 15:18 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 14:49 - 2014-01-02 14:49 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-02 14:49 - 2014-01-02 14:49 - 00000000 ____D C:\Users\Administrator
2014-01-02 14:49 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-02 14:49 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-02 14:34 - 2014-01-02 20:05 - 00043436 _____ C:\Windows\system32\peerblock.dmp
2014-01-02 14:32 - 2014-01-02 14:32 - 00000616 _____ C:\Users\Johnny\Desktop\ComboFix.exe - Shortcut.lnk
2014-01-02 08:40 - 2014-01-02 08:41 - 00000000 ____D C:\ea276f2f65a199760bc5b0
2014-01-02 08:36 - 2014-01-02 08:36 - 00037376 _____ C:\Windows\system32\uztfo.zuf
2014-01-02 08:25 - 2014-01-02 20:30 - 00000079 _____ C:\Windows\system32\jfjc.fgj
2014-01-02 08:25 - 2014-01-02 08:36 - 00000098 _____ C:\Windows\system32\ddrm.ezh
2014-01-02 08:25 - 2014-01-02 08:25 - 00000064 _____ C:\Windows\system32\cojj.dmq
2014-01-02 08:08 - 2014-01-02 08:08 - 00000000 ____S C:\Windows\system32\ssubni.ypz
2014-01-02 03:01 - 2014-01-02 03:02 - 00000000 ____D C:\99df9d4979cdc168ab0c
2014-01-02 01:28 - 2014-01-02 01:28 - 00000000 ____D C:\Users\Johnny\hsperfdata_Johnny
2014-01-02 01:28 - 2014-01-02 01:28 - 00000000 ____D C:\Users\Johnny\AppData\Local\Spring Tool Suite
2014-01-02 01:12 - 2014-01-02 01:14 - 00000000 ____D C:\Program Files\springsource
2014-01-01 03:01 - 2014-01-01 03:03 - 00000000 ____D C:\ef183e7b2d539f8e5445b63f864881ab
2013-12-31 03:01 - 2013-12-31 03:02 - 00000000 ____D C:\16dc6cff3c4df946f5f91b0cc0c6ab
2013-12-31 01:36 - 2013-12-31 03:03 - 19378702 _____ C:\Users\Johnny\Desktop\evasi0n7.exe
2013-12-30 22:00 - 2013-12-30 22:00 - 00000000 ____D C:\Users\Johnny\workspace
2013-12-30 21:59 - 2013-12-30 21:58 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-30 21:58 - 2014-01-02 01:06 - 00000000 ____D C:\Program Files\Java
2013-12-30 21:58 - 2013-12-30 21:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-30 21:58 - 2013-12-30 21:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-30 21:58 - 2013-12-30 21:58 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-30 19:20 - 2013-12-30 19:20 - 00000000 ____D C:\Development
2013-12-30 16:35 - 2013-12-30 16:35 - 00000000 ____D C:\Program Files (x86)\Camfrog
2013-12-30 16:28 - 2013-12-30 16:28 - 00219314 ____S C:\Windows\system32\tvlus.vvw
2013-12-28 18:53 - 2013-12-28 18:53 - 117548912 _____ C:\Users\Karen\Downloads\GoProStudioPC-2.0.0.285.exe
2013-12-28 18:48 - 2013-12-28 18:48 - 00000000 ____D C:\Users\Karen\Desktop\Master Card
2013-12-28 16:52 - 2014-01-02 03:03 - 00000000 ____D C:\Users\Karen\AppData\Local\{3E28A16D-0731-4846-B607-36155BF20472}
2013-12-20 14:33 - 2013-12-20 14:46 - 00000000 ____D C:\The Sing Off
2013-12-20 14:32 - 2013-12-20 14:32 - 00000000 ____D C:\Users\Johnny\Desktop\The sing off
2013-12-20 14:32 - 2013-12-20 14:32 - 00000000 ____D C:\Sing
2013-12-18 16:17 - 2013-12-18 16:17 - 00819816 _____ C:\Windows\Minidump\121813-31761-01.dmp
2013-12-17 15:14 - 2013-12-30 16:35 - 00002187 _____ C:\Users\Johnny\Desktop\Camfrog Video Chat 6.6.lnk
2013-12-17 15:14 - 2013-12-30 16:35 - 00000000 ____D C:\Users\Karen\AppData\Local\VNT
2013-12-17 15:14 - 2013-12-30 16:35 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-17 15:14 - 2013-12-17 15:14 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 6.6
2013-12-16 18:24 - 2013-12-16 18:24 - 00001973 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2013-12-16 18:15 - 2013-12-16 18:15 - 00002006 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-12-14 09:53 - 2013-12-18 10:13 - 00000000 ____D C:\Users\Karen\AppData\Local\{B80DA090-5252-4EAE-B0BC-99B7DF6FD324}
2013-12-07 22:51 - 2013-12-08 22:52 - 00000000 ____D C:\Users\Karen\AppData\Local\{2398BB77-C674-43F0-BC5A-8B79EB1EA87C}
2013-12-07 22:22 - 2013-12-07 22:25 - 00000000 ____D C:\Users\Karen\AppData\Local\Google
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Users\Johnny\Desktop\New folder (2)
2013-12-04 22:51 - 2013-12-04 22:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-04 22:49 - 2013-12-07 10:51 - 00000000 ____D C:\Users\Karen\AppData\Local\{FBB46CE0-1B40-42C4-8928-6891FA62D466}
2013-12-04 22:49 - 2013-12-04 22:49 - 00000000 ____D C:\Users\Karen\AppData\Local\Apple Computer
2013-12-04 22:48 - 2013-12-04 22:55 - 00000000 ____D C:\Users\Karen\AppData\Roaming\MediaMonkey
2013-12-04 22:48 - 2013-12-04 22:48 - 00000000 ____D C:\Users\Karen\AppData\Local\MediaMonkey
 
==================== One Month Modified Files and Folders =======
 
2014-01-02 20:36 - 2014-01-02 20:31 - 00023387 _____ C:\Users\Johnny\Desktop\FRST.txt
2014-01-02 20:34 - 2014-01-02 20:33 - 00039628 _____ C:\Users\Johnny\Desktop\Addition.txt
2014-01-02 20:34 - 2009-07-14 00:13 - 00876886 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-02 20:34 - 2009-07-13 23:45 - 00019792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-02 20:34 - 2009-07-13 23:45 - 00019792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-02 20:32 - 2009-10-07 17:35 - 01261754 _____ C:\Windows\WindowsUpdate.log
2014-01-02 20:31 - 2014-01-02 20:31 - 01931498 _____ (Farbar) C:\Users\Johnny\Desktop\FRST64.exe
2014-01-02 20:31 - 2014-01-02 20:31 - 00000000 ____D C:\FRST
2014-01-02 20:31 - 2010-04-27 00:42 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000UA.job
2014-01-02 20:30 - 2014-01-02 08:25 - 00000079 _____ C:\Windows\system32\jfjc.fgj
2014-01-02 20:29 - 2013-11-19 19:20 - 00002756 _____ C:\Windows\System32\Tasks\AutoKMSDaily
2014-01-02 20:29 - 2012-11-15 17:03 - 00000218 _____ C:\Windows\Tasks\AutoKMSDaily.job
2014-01-02 20:29 - 2012-11-15 17:03 - 00000218 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-02 20:29 - 2012-11-15 17:02 - 00151552 _____ C:\Windows\KMSEmulator.exe
2014-01-02 20:28 - 2013-10-08 09:35 - 00007646 _____ C:\Windows\setupact.log
2014-01-02 20:28 - 2009-10-08 02:06 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-02 20:28 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-02 20:27 - 2014-01-02 20:27 - 00004149 _____ C:\Users\Johnny\Desktop\RKreport[0]_D_01022014_202739.txt
2014-01-02 20:27 - 2014-01-02 20:27 - 00004111 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_202727.txt
2014-01-02 20:27 - 2014-01-02 19:56 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00363584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00359552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcvmm.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00295792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00228272 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00217680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00210016 _____ (Acronis) C:\Windows\system32\Drivers\vididr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00200272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpchbus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00175664 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00156080 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00141920 _____ (Acronis) C:\Windows\system32\Drivers\vsflt53.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcusb.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00071760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00066304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcnfltr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00056688 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00054784 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00052304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00046672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00043792 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSB.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WSDPrint.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00021760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00007936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:56 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 14298944 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 01893224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 01653096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 01590688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00971360 _____ (Acronis) C:\Windows\system32\Drivers\timntr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00374864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00312168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0104.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00311656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0103.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0102.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00311144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0105.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00307560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0101.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00303464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RsFx0100.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00275552 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00214096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00204568 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00187264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00183872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00171600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00107288 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00104016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00075632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00062544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00057976 _____ (GFI Software) C:\Windows\system32\Drivers\SBREDrv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00056208 _____ (Rovi Corporation) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00045416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\point64.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00034896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00031976 _____ (Silicon Laboratories) C:\Windows\system32\Drivers\SiLib.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00026856 _____ (Silicon Laboratories) C:\Windows\system32\Drivers\SiUSBXp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00022528 _____ (Apple Inc.) C:\Windows\system32\Drivers\netaapl64.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2014-01-02 20:27 - 2014-01-02 19:55 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 06379288 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvuvc64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00947776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00367168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00261120 _____ (Pinnacle Systems GmbH) C:\Windows\system32\Drivers\MarvinBus64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00255552 _____ (MagicISO, Inc.) C:\Windows\system32\Drivers\mcdbus.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00224832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00164720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpFilter.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00155216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00151048 _____ (NCP Engineering GmbH) C:\Windows\system32\Drivers\ncplelhp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00140352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00121416 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00094784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00040832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MpNWMon.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00030272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-01-02 20:26 - 2014-01-02 19:55 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 09319936 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00982912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00751616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00459216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00334416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00327704 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvrs64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00306176 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00304784 _____ C:\Windows\system32\Drivers\CVPNDRVA.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00290368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00287576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00265088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00215808 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emDevice64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00178752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00157968 _____ (Deterministic Networks, Inc.) C:\Windows\system32\Drivers\dne64x.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00155728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00152432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00095088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00079872 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emAudio64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00077888 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00045048 _____ (FabulaTech) C:\Windows\system32\Drivers\ftusbrdbus.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4usb.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00022896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dot4Prt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00014992 _____ (Cisco Systems, Inc.) C:\Windows\system32\Drivers\CVirtA64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00014416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdralw2k.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00010224 _____ (Sonic Solutions) C:\Windows\system32\Drivers\cdr4_xp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00006400 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emFilter64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00006144 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emScan64.sys.bak
2014-01-02 20:26 - 2014-01-02 19:54 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2014-01-02 20:15 - 2010-03-18 01:28 - 00000000 ____D C:\Users\Johnny\AppData\Local\Apps\2.0
2014-01-02 20:06 - 2013-10-16 08:47 - 00004336 _____ C:\Windows\PFRO.log
2014-01-02 20:05 - 2014-01-02 20:05 - 00002900 _____ C:\Users\Johnny\Desktop\RKreport[0]_DN_01022014_200504.txt
2014-01-02 20:05 - 2014-01-02 14:34 - 00043436 _____ C:\Windows\system32\peerblock.dmp
2014-01-02 20:05 - 2010-07-15 02:47 - 00000000 ____D C:\Program Files\PeerBlock
2014-01-02 20:04 - 2014-01-02 20:04 - 00004063 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_200429.txt
2014-01-02 19:59 - 2014-01-02 16:54 - 00000000 ____D C:\Users\Johnny\Desktop\RK_Quarantine
2014-01-02 19:59 - 2012-01-10 21:26 - 00000000 __SHD C:\Users\Johnny\AppData\Local\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}
2014-01-02 19:56 - 2014-01-02 19:56 - 00005189 _____ C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_195625.txt
2014-01-02 19:52 - 2013-07-31 13:08 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Johnny\Desktop\procexp.exe
2014-01-02 19:47 - 2014-01-02 19:47 - 00023357 _____ C:\ComboFix.txt
2014-01-02 19:47 - 2012-01-26 18:28 - 00000000 ____D C:\Qoobox
2014-01-02 19:44 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2014-01-02 19:18 - 2013-11-02 14:04 - 00000000 ____D C:\AdwCleaner
2014-01-02 18:53 - 2009-10-07 17:48 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B529D675-BBB8-40CA-AEFE-EBA5959014AF}
2014-01-02 17:18 - 2014-01-02 17:18 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
2014-01-02 17:17 - 2014-01-02 19:15 - 01805736 _____ (Symantec Corporation) C:\Users\Johnny\Desktop\FixZeroAccess.exe
2014-01-02 17:15 - 2014-01-02 17:15 - 00000000 ____D C:\Users\Johnny\AppData\Local\VNT
2014-01-02 17:13 - 2014-01-02 19:15 - 00039735 _____ C:\Users\Johnny\Desktop\Result.txt
2014-01-02 17:11 - 2014-01-02 19:15 - 00760063 _____ (Farbar) C:\Users\Johnny\Desktop\MiniToolBox.exe
2014-01-02 17:11 - 2014-01-02 19:15 - 00000296 _____ C:\Users\Johnny\Desktop\RootkitRemover_20140102_171105.log
2014-01-02 17:10 - 2014-01-02 19:15 - 00782640 _____ (McAfee, Inc.) C:\Users\Johnny\Desktop\rootkitremover.exe
2014-01-02 17:09 - 2014-01-02 19:15 - 04101441 _____ C:\Users\Johnny\Desktop\tdsskiller.zip
2014-01-02 17:09 - 2013-11-18 09:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Johnny\Desktop\TDSSKiller.exe
2014-01-02 17:04 - 2014-01-02 19:15 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Johnny\Desktop\rkill.exe
2014-01-02 17:02 - 2014-01-02 17:02 - 00001411 _____ C:\Users\Johnny\Desktop\RKreport[0]_SC_01022014_170212.txt
2014-01-02 16:51 - 2009-11-23 20:39 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2014-01-02 16:45 - 2014-01-02 19:15 - 03810304 _____ C:\Users\Johnny\Desktop\RogueKiller.exe
2014-01-02 16:45 - 2009-10-07 17:52 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\uTorrent
2014-01-02 16:42 - 2014-01-02 19:15 - 01233962 _____ C:\Users\Johnny\Desktop\AdwCleaner (1).exe
2014-01-02 15:18 - 2014-01-02 15:18 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-02 15:18 - 2010-04-12 19:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-02 15:08 - 2012-12-25 11:52 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2014-01-02 14:49 - 2014-01-02 14:49 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2014-01-02 14:49 - 2014-01-02 14:49 - 00000000 ____D C:\Users\Administrator
2014-01-02 14:33 - 2013-11-02 15:02 - 05160282 ____R (Swearware) C:\Users\Johnny\Desktop\ComboFix.exe
2014-01-02 14:32 - 2014-01-02 14:32 - 00000616 _____ C:\Users\Johnny\Desktop\ComboFix.exe - Shortcut.lnk
2014-01-02 11:13 - 2013-03-09 09:08 - 00000000 ____D C:\Users\Karen\Tracing
2014-01-02 08:41 - 2014-01-02 08:40 - 00000000 ____D C:\ea276f2f65a199760bc5b0
2014-01-02 08:36 - 2014-01-02 08:36 - 00037376 _____ C:\Windows\system32\uztfo.zuf
2014-01-02 08:36 - 2014-01-02 08:25 - 00000098 _____ C:\Windows\system32\ddrm.ezh
2014-01-02 08:31 - 2010-04-27 00:42 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000Core.job
2014-01-02 08:25 - 2014-01-02 08:25 - 00000064 _____ C:\Windows\system32\cojj.dmq
2014-01-02 08:08 - 2014-01-02 08:08 - 00000000 ____S C:\Windows\system32\ssubni.ypz
2014-01-02 07:54 - 2009-10-18 22:22 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Skype
2014-01-02 03:26 - 2009-10-07 19:23 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Camfrog
2014-01-02 03:03 - 2013-12-28 16:52 - 00000000 ____D C:\Users\Karen\AppData\Local\{3E28A16D-0731-4846-B607-36155BF20472}
2014-01-02 03:02 - 2014-01-02 03:01 - 00000000 ____D C:\99df9d4979cdc168ab0c
2014-01-02 03:02 - 2009-10-09 02:50 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\FileZilla
2014-01-02 02:00 - 2010-10-13 16:30 - 00000000 ____D C:\Users\Johnny\AppData\Local\Adobe
2014-01-02 01:28 - 2014-01-02 01:28 - 00000000 ____D C:\Users\Johnny\hsperfdata_Johnny
2014-01-02 01:28 - 2014-01-02 01:28 - 00000000 ____D C:\Users\Johnny\AppData\Local\Spring Tool Suite
2014-01-02 01:28 - 2009-10-07 17:39 - 00000000 ____D C:\Users\Johnny
2014-01-02 01:14 - 2014-01-02 01:12 - 00000000 ____D C:\Program Files\springsource
2014-01-02 01:06 - 2013-12-30 21:58 - 00000000 ____D C:\Program Files\Java
2014-01-01 12:48 - 2013-12-02 23:24 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\MediaMonkey
2014-01-01 03:03 - 2014-01-01 03:01 - 00000000 ____D C:\ef183e7b2d539f8e5445b63f864881ab
2013-12-31 03:31 - 2013-10-02 19:16 - 00000000 ____D C:\Users\Johnny\Desktop\MayaShop_WordPress_Theme
2013-12-31 03:03 - 2013-12-31 01:36 - 19378702 _____ C:\Users\Johnny\Desktop\evasi0n7.exe
2013-12-31 03:02 - 2013-12-31 03:01 - 00000000 ____D C:\16dc6cff3c4df946f5f91b0cc0c6ab
2013-12-31 03:02 - 2012-04-01 18:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-31 03:02 - 2011-08-08 12:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-30 22:00 - 2013-12-30 22:00 - 00000000 ____D C:\Users\Johnny\workspace
2013-12-30 22:00 - 2013-10-02 16:39 - 00000000 ____D C:\Users\Johnny\.android
2013-12-30 21:59 - 2013-10-16 14:19 - 00000000 ____D C:\ProgramData\Oracle
2013-12-30 21:58 - 2013-12-30 21:59 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-30 21:58 - 2013-12-30 21:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-30 21:58 - 2013-12-30 21:58 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-30 21:58 - 2013-12-30 21:58 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-30 19:20 - 2013-12-30 19:20 - 00000000 ____D C:\Development
2013-12-30 16:35 - 2013-12-30 16:35 - 00000000 ____D C:\Program Files (x86)\Camfrog
2013-12-30 16:35 - 2013-12-17 15:14 - 00002187 _____ C:\Users\Johnny\Desktop\Camfrog Video Chat 6.6.lnk
2013-12-30 16:35 - 2013-12-17 15:14 - 00000000 ____D C:\Users\Karen\AppData\Local\VNT
2013-12-30 16:35 - 2013-12-17 15:14 - 00000000 ____D C:\Program Files (x86)\VNT
2013-12-30 16:28 - 2013-12-30 16:28 - 00219314 ____S C:\Windows\system32\tvlus.vvw
2013-12-28 18:53 - 2013-12-28 18:53 - 117548912 _____ C:\Users\Karen\Downloads\GoProStudioPC-2.0.0.285.exe
2013-12-28 18:48 - 2013-12-28 18:48 - 00000000 ____D C:\Users\Karen\Desktop\Master Card
2013-12-26 17:22 - 2011-07-30 15:40 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\vlc
2013-12-20 14:46 - 2013-12-20 14:33 - 00000000 ____D C:\The Sing Off
2013-12-20 14:32 - 2013-12-20 14:32 - 00000000 ____D C:\Users\Johnny\Desktop\The sing off
2013-12-20 14:32 - 2013-12-20 14:32 - 00000000 ____D C:\Sing
2013-12-18 16:17 - 2013-12-18 16:17 - 00819816 _____ C:\Windows\Minidump\121813-31761-01.dmp
2013-12-18 16:17 - 2013-10-16 08:47 - 964584465 _____ C:\Windows\MEMORY.DMP
2013-12-18 16:17 - 2009-11-09 17:18 - 00000000 ____D C:\Windows\Minidump
2013-12-18 16:17 - 2009-07-14 00:08 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-18 10:13 - 2013-12-14 09:53 - 00000000 ____D C:\Users\Karen\AppData\Local\{B80DA090-5252-4EAE-B0BC-99B7DF6FD324}
2013-12-17 15:14 - 2013-12-17 15:14 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 6.6
2013-12-16 18:24 - 2013-12-16 18:24 - 00001973 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2013-12-16 18:24 - 2013-08-27 22:59 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Samsung
2013-12-16 18:22 - 2013-08-27 22:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-12-16 18:22 - 2009-10-08 02:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-16 18:21 - 2011-07-29 10:41 - 00000000 ____D C:\Users\Johnny\AppData\Local\Downloaded Installations
2013-12-16 18:15 - 2013-12-16 18:15 - 00002006 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-12-16 14:43 - 2009-10-08 01:46 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Mozilla
2013-12-15 03:05 - 2013-08-15 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 03:01 - 2009-10-08 02:03 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-14 09:39 - 2009-10-30 01:07 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\.purple
2013-12-11 03:01 - 2010-04-09 08:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-08 22:52 - 2013-12-07 22:51 - 00000000 ____D C:\Users\Karen\AppData\Local\{2398BB77-C674-43F0-BC5A-8B79EB1EA87C}
2013-12-07 22:25 - 2013-12-07 22:22 - 00000000 ____D C:\Users\Karen\AppData\Local\Google
2013-12-07 22:25 - 2009-10-07 19:38 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-07 10:51 - 2013-12-04 22:49 - 00000000 ____D C:\Users\Karen\AppData\Local\{FBB46CE0-1B40-42C4-8928-6891FA62D466}
2013-12-05 22:17 - 2013-12-05 22:17 - 00000000 ____D C:\Users\Johnny\Desktop\New folder (2)
2013-12-05 14:43 - 2012-03-05 13:53 - 00000000 ____D C:\Program Files (x86)\Fitbit
2013-12-04 22:55 - 2013-12-04 22:48 - 00000000 ____D C:\Users\Karen\AppData\Roaming\MediaMonkey
2013-12-04 22:53 - 2013-03-09 09:07 - 00000000 ____D C:\Users\Karen\AppData\Roaming\Apple Computer
2013-12-04 22:52 - 2010-05-03 04:28 - 00000000 ____D C:\Users\Johnny\AppData\Roaming\Mp3tag
2013-12-04 22:51 - 2013-12-04 22:51 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-04 22:49 - 2013-12-04 22:49 - 00000000 ____D C:\Users\Karen\AppData\Local\Apple Computer
2013-12-04 22:48 - 2013-12-04 22:48 - 00000000 ____D C:\Users\Karen\AppData\Local\MediaMonkey
2013-12-03 08:26 - 2010-04-27 00:42 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000UA
2013-12-03 08:26 - 2010-04-27 00:42 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000Core
 
Files to move or delete:
====================
C:\Users\Johnny\usbit.exe
 
 
Some content of TEMP:
====================
C:\Users\Johnny\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-12-30 03:01
 
==================== End Of Log ============================


#6 B-boy/StyLe/


Posted 02 January 2014 - 09:54 PM

Hello,

 

You posted FRST.txt twice instead of the Search.txt log file.

 

Also uninstall the following programs:

 

Ask Shopping Toolbar (x32 Version: 12.7.0.2448 - APN, LLC) <==== ATTENTION
Ask Toolbar (x32 Version: 12.7.0.2279 - APN, LLC) <==== ATTENTION

 

Click on Start > type appwiz.cpl in the search box and press Enter
Select Ask toolbars from the list and uninstall them one by one.

 

 

Next, please click this link --> VirusTotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Users\Johnny\usbit.exe



Note: if VT says these files have already been analysed, make sure you click re-analyse file now.

Repeat the steps for these files as well:

 

C:\Windows\system32\uztfo.zuf
C:\Windows\system32\jfjc.fgj
C:\Windows\system32\ddrm.ezh
C:\Windows\system32\cojj.dmq
C:\Windows\system32\ssubni.ypz

Please post the link to the results page rather than the contents of the page itself (it's a little easier for me to read).


Now please download the following file => [attachment=145448:fixlist.txt] and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi




#7 menorevs


Posted 02 January 2014 - 10:27 PM

Very fast, and some interesting things. Not sure if you really care, but I will post it anyway.

 

1) When trying to scan ddrm.ezh, it said it was in use. I used perfmon to trace the PID and svchost.exe was running it. When I killed it by the PID number, it killed the DCOM service, whose properties are greyed out, and tried to shut down the computer. I ran a shutdown -a at the command prompt so it didn't shut down on me. Now that it is killed, when trying to go into my sound settings, everything is blacked out! This is probably the problem (or one of them).

 

2) ssubni.ypz permissions were locked.  I was able to assign myself as the admin to that service and ran it.

 

 

 

Scans


Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2014
Ran by Johnny at 2014-01-02 22:23:01 Run:1
Running from C:\Users\Johnny\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
BHO-x32: Ask Toolbar - {434D472D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CMG-V7\Passport.dll" No File
Toolbar: HKLM-x32 - Ask Toolbar - {434D472D-5637-006A-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\CMG-V7\Passport.dll" No File
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [320000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
cmd: netsh winsock reset
FF Extension: Performance Cache - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\pgxfwdwfay@pgxfwdwfay.org.xpi
FF Extension: Ask Toolbar - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\toolbar_CMG-V7@apn.ask.com.xpi
FF Extension: Easy YouTube Video Downloader - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF HKCU\...\Firefox\Extensions: [{527A4AFE-CEA8-11E1-8270-B8AC6F996F26}] - C:\Users\Johnny\AppData\Local\{527A4AFE-CEA8-11E1-8270-B8AC6F996F26}\
FF Extension: Mozilla Safe Browsing - C:\Users\Johnny\AppData\Local\{527A4AFE-CEA8-11E1-8270-B8AC6F996F26}\
CHR HKLM-x32\...\Chrome\Extension: [aaaajdkgnibfhemkjleoikkioeochldo] - C:\ProgramData\AskPartnerNetwork\Toolbar\CMGV7-SAT\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [aaaajfdmjahpbdoeompbfmghniokhfji] - C:\ProgramData\AskPartnerNetwork\Toolbar\CMG-V7\CRX\ToolbarCR.crx
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 MFE_RR; \??\C:\Users\Johnny\AppData\Local\Temp\mfe_rr.sys [x]
cmd: type C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_195625.txt
cmd: type C:\Users\Johnny\Desktop\RKreport[0]_SC_01022014_170212.txt
cmd: type C:\ComboFix.txt
cmd: type C:\Users\Johnny\Desktop\Result.txt
cmd: type C:\Users\Johnny\Desktop\RootkitRemover_20140102_171105.log
2013-12-28 16:52 - 2014-01-02 03:03 - 00000000 ____D C:\Users\Karen\AppData\Local\{3E28A16D-0731-4846-B607-36155BF20472}
2013-12-14 09:53 - 2013-12-18 10:13 - 00000000 ____D C:\Users\Karen\AppData\Local\{B80DA090-5252-4EAE-B0BC-99B7DF6FD324}
2013-12-07 22:51 - 2013-12-08 22:52 - 00000000 ____D C:\Users\Karen\AppData\Local\{2398BB77-C674-43F0-BC5A-8B79EB1EA87C}
2013-12-04 22:49 - 2013-12-07 10:51 - 00000000 ____D C:\Users\Karen\AppData\Local\{FBB46CE0-1B40-42C4-8928-6891FA62D466}
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:lZtboGD3taniUbNn7JZ7YcN
AlternateDataStreams: C:\Program Files\Common Files\System:UuT2QAkehTzpc1G8MERnf1nEf3
AlternateDataStreams: C:\ProgramData\Microsoft:6yLOJ80jV92gr02B391ry8T
AlternateDataStreams: C:\ProgramData\Microsoft:9YH1gyWy0OY4yNq9TvOitPSmv
AlternateDataStreams: C:\ProgramData\Microsoft:CRoGfloKpcZKgcmEgDgEeU
AlternateDataStreams: C:\ProgramData\TEMP:FB1B13D8
AlternateDataStreams: C:\Users\Johnny\Local Settings:efkzyp70RAFQYnnMHxr9IO
AlternateDataStreams: C:\Users\Johnny\AppData\Local:efkzyp70RAFQYnnMHxr9IO
AlternateDataStreams: C:\Users\Johnny\AppData\Local\Application Data:efkzyp70RAFQYnnMHxr9IO
end
*****************
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{434D472D-5637-006A-76A7-7A786E7484D7} => Key not found.
HKCR\Wow6432Node\CLSID\{434D472D-5637-006A-76A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{434D472D-5637-006A-76A7-7A786E7484D7} => Value not found.
HKCR\Wow6432Node\CLSID\{434D472D-5637-006A-76A7-7A786E7484D7} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\pgxfwdwfay@pgxfwdwfay.org.xpi not found.
C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\toolbar_CMG-V7@apn.ask.com.xpi not found.
C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{527A4AFE-CEA8-11E1-8270-B8AC6F996F26} => Value deleted successfully.
C:\Users\Johnny\AppData\Local\{527A4AFE-CEA8-11E1-8270-B8AC6F996F26}\ not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaajdkgnibfhemkjleoikkioeochldo => Key not found.
"C:\ProgramData\AskPartnerNetwork\Toolbar\CMGV7-SAT\CRX\ToolbarCR.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaajfdmjahpbdoeompbfmghniokhfji => Key not found.
"C:\ProgramData\AskPartnerNetwork\Toolbar\CMG-V7\CRX\ToolbarCR.crx" => File/Directory not found.
catchme => Service deleted successfully.
MFE_RR => Service deleted successfully.
 
=========  type C:\Users\Johnny\Desktop\RKreport[0]_S_01022014_195625.txt =========
 
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Johnny [Admin rights]
Mode : Scan -- Date : 01/02/2014 19:56:25
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\Users\Johnny\AppData\Local\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\@ [-] --> FOUND
[ZeroAccess][Folder] U : C:\Windows\Installer\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\U [-] --> FOUND
[ZeroAccess][Folder] U : C:\Users\Johnny\AppData\Local\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\U [-] --> FOUND
[ZeroAccess][Folder] L : C:\Windows\Installer\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\L [-] --> FOUND
[ZeroAccess][Folder] L : C:\Users\Johnny\AppData\Local\{9fc0fe5b-d3f0-c6f7-6d5f-595a88de7d95}\L [-] --> FOUND
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Users\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Users\menor_000\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Johnny\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Karen\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\TEMP\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\UpdatusUser\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ( @ )  +++++
--- User ---
[MBR] 7e683ca907d46510371649712dc48cb0
[BSP] 8197a2dc921cffe0effddce6d5f9f4b6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 477823 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 978788352 | Size: 475943 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: ( @ )  +++++
--- User ---
[MBR] e69b6c59786f50e926e9a2676df50a5a
[BSP] 4e85b2a1f7edd291c0800395b9db399d : Legit.C MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive2: ( @ )  +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
 
Finished : << RKreport[0]_S_01022014_195625.txt >>
RKreport[0]_D_01022014_170516.txt;RKreport[0]_H_01022014_170511.txt;RKreport[0]_S_01022014_170459.txt
 
 
 
 
 
========= End of CMD: =========
 
 
=========  type C:\Users\Johnny\Desktop\RKreport[0]_SC_01022014_170212.txt =========
 
RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Johnny [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/02/2014 17:02:12
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] vntldr.exe -- C:\Users\Johnny\AppData\Local\VNT\vntldr.exe [7] -> KILLED [TermProc]
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 11 / Fail 14
Backup: [NOT FOUND]
 
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume6 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[G:] \Device\CdRom1 -- 0x5 --> Skipped
[H:] \Device\HarddiskVolume7 -- 0x2 --> Restored
 
¤¤¤ Infection :  ¤¤¤
 
Finished : << RKreport[0]_SC_01022014_170212.txt >>
 
 
 
 
 
========= End of CMD: =========
 
 
=========  type C:\ComboFix.txt =========
 
ComboFix 14-01-01.01 - Johnny 01/02/2014  19:31:23.11.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.8191.5976 [GMT -5:00]
Running from: M:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {2E6C4BAB-3371-CD46-62DC-0E0A86B42619}
SP: Microsoft Security Essentials *Disabled/Updated* {950DAA4F-154B-C2C8-586C-3578FD336CA4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-03 to 2014-01-03  )))))))))))))))))))))))))))))))
.
.
2014-01-03 00:44 . 2014-01-03 00:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-01-03 00:44 . 2014-01-03 00:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-03 00:44 . 2014-01-03 00:44 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-01-03 00:44 . 2014-01-03 00:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-03 00:44 . 2014-01-03 00:44 -------- d-----w- c:\users\Karen\AppData\Local\temp
2014-01-03 00:44 . 2014-01-03 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-02 22:18 . 2014-01-02 22:18 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2014-01-02 22:15 . 2014-01-02 22:15 -------- d-----w- c:\users\Johnny\AppData\Local\VNT
2014-01-02 19:49 . 2014-01-02 19:49 -------- d-----w- c:\users\Administrator
2014-01-02 13:40 . 2014-01-02 13:41 -------- d-----w- C:\ea276f2f65a199760bc5b0
2014-01-02 08:01 . 2014-01-02 08:02 -------- d-----w- C:\99df9d4979cdc168ab0c
2014-01-02 06:28 . 2014-01-02 06:28 -------- d-----w- c:\users\Johnny\hsperfdata_Johnny
2014-01-02 06:28 . 2014-01-02 06:28 -------- d-----w- c:\users\Johnny\AppData\Local\Spring Tool Suite
2014-01-02 06:12 . 2014-01-02 06:14 -------- d-----w- c:\program files\springsource
2014-01-01 08:01 . 2014-01-01 08:03 -------- d-----w- C:\ef183e7b2d539f8e5445b63f864881ab
2013-12-31 08:01 . 2013-12-31 08:02 -------- d-----w- C:\16dc6cff3c4df946f5f91b0cc0c6ab
2013-12-31 03:00 . 2013-12-31 03:00 -------- d-----w- c:\users\Johnny\workspace
2013-12-31 02:59 . 2013-12-31 02:58 312744 ----a-w- c:\windows\system32\javaws.exe
2013-12-31 02:58 . 2013-12-31 02:58 189352 ----a-w- c:\windows\system32\javaw.exe
2013-12-31 02:58 . 2013-12-31 02:58 189352 ----a-w- c:\windows\system32\java.exe
2013-12-31 02:58 . 2013-12-31 02:58 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-12-31 02:58 . 2014-01-02 06:06 -------- d-----w- c:\program files\Java
2013-12-31 00:20 . 2013-12-31 00:20 -------- d-----w- C:\Development
2013-12-30 21:35 . 2013-12-30 21:35 -------- d-----w- c:\program files (x86)\Camfrog
2013-12-20 19:33 . 2013-12-20 19:46 -------- d-----w- C:\The Sing Off
2013-12-20 19:32 . 2013-12-20 19:32 -------- d-----w- C:\Sing
2013-12-17 20:14 . 2013-12-30 21:35 -------- d-----w- c:\users\Karen\AppData\Local\VNT
2013-12-17 20:14 . 2013-12-30 21:35 -------- d-----w- c:\program files (x86)\VNT
2013-12-08 03:22 . 2013-12-08 03:25 -------- d-----w- c:\users\Karen\AppData\Local\Google
2013-12-08 03:16 . 2013-12-08 03:16 -------- d-----w- c:\users\Karen\AppData\Local\ElevatedDiagnostics
2013-12-05 03:51 . 2013-12-05 03:51 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-05 03:49 . 2013-12-05 03:49 -------- d-----w- c:\users\Karen\AppData\Local\Apple Computer
2013-12-05 03:48 . 2013-12-05 03:48 -------- d-----w- c:\users\Karen\AppData\Local\MediaMonkey
2013-12-05 03:48 . 2013-12-05 03:55 -------- d-----w- c:\users\Karen\AppData\Roaming\MediaMonkey
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-03 00:19 . 2012-11-15 22:02 151552 ----a-w- c:\windows\KMSEmulator.exe
2013-12-31 08:02 . 2012-04-01 23:44 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-31 08:02 . 2011-08-08 17:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-15 08:01 . 2009-10-08 07:03 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-10-28 06:12 . 2013-10-28 06:12 204568 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-10-28 06:12 . 2013-10-28 06:12 107288 ----a-w- c:\windows\system32\drivers\ssudbus.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\ERDNT\cache64\rpcss.dll
[7] 2009-07-14 . 7266972E86890E2B30C0C322E906B027 . 509440 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[-] 2009-07-14 . 46882894C96E19C2ADD8DB9807BBFDAF . 510464 . . [6.1.7600.16385] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"F.lux"="c:\users\Johnny\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
"Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2012-06-22 2177056]
"Camfrog"="c:\program files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2013-06-24 53600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-06-30 2638152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-12-11 311152]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"VNT"="c:\program files (x86)\VNT\vntldr.exe" [2013-11-08 202192]
.
c:\users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2009-10-17 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DUC 3.0.lnk - c:\program files (x86)\No-IP\DUC30.exe [2010-6-18 1423520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys;c:\windows\SYSNATIVE\drivers\libusb0.sys [x]
R3 MFE_RR;MFE_RR;c:\users\Johnny\AppData\Local\Temp\mfe_rr.sys;c:\users\Johnny\AppData\Local\Temp\mfe_rr.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys;c:\windows\SYSNATIVE\DRIVERS\MpNWMon.sys [x]
R3 ncplelhp;NCP Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys;c:\windows\SYSNATIVE\DRIVERS\ncplelhp.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt53.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apache2.2;Apache2.2;c:\appserv\Apache2.2\bin\httpd.exe;c:\appserv\Apache2.2\bin\httpd.exe [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe;c:\program files (x86)\Fitbit\fitbit.exe [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-03 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-11-15 22:03]
.
2014-01-03 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-11-15 22:03]
.
2014-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000Core.job
- c:\users\Johnny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-23 00:41]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1773492748-1994168459-2025711368-1000UA.job
- c:\users\Johnny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-23 00:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6962720]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-06-30 395152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: verizon.net\activate
Trusted Zone: verizon.net\activatemydsl
Trusted Zone: verizon.net\activatemyfios
Trusted Zone: verizon.net\activatemyhsi
Trusted Zone: verizon.net\activatemywifi
Trusted Zone: verizon.net\wbadownload
TCP: DhcpNameServer = 192.168.1.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Bing 
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
FF - ExtSQL: 2013-11-06 14:19; toolbar_CMG-V7@apn.ask.com; c:\users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\ua6jh5ms.default\extensions\toolbar_CMG-V7@apn.ask.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{434D472D-5637-006A-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\CMG-V7\Passport.dll
Toolbar-{434D472D-5637-006A-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\CMG-V7\Passport.dll
BHO-{434D472D-5637-006A-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\CMG-V7\Passport_x64.dll
Toolbar-{434D472D-5637-006A-76A7-7A786E7484D7} - c:\program files (x86)\AskPartnerNetwork\Toolbar\CMG-V7\Passport_x64.dll
AddRemove-Debut - c:\program files (x86)\NCH Software\Debut\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mysql]
"ImagePath"="c:\appserv\MySQL\bin\mysqld-nt --defaults-file=c:\appserv\MySQL\my.ini mysql"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:e3,b0,ba,44,26,af,7a,1d,69,3e,ee,6b,15,ac,9f,0f,fc,34,f8,04,5f,
   58,b6,26,7c,61,81,f3,ba,c1,9c,4d,9e,e3,0c,56,0c,26,6c,8d,a0,5a,0a,66,75,92,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:e3,b0,ba,44,26,af,7a,1d,69,3e,ee,6b,15,ac,9f,0f,fc,34,f8,04,5f,
   58,b6,26,7c,61,81,f3,ba,c1,9c,4d,9e,e3,0c,56,0c,26,6c,8d,a0,5a,0a,66,75,92,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\06\02\1a\17\05\15?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-02  19:47:41
ComboFix-quarantined-files.txt  2014-01-03 00:47
ComboFix2.txt  2014-01-02 20:16
ComboFix3.txt  2013-06-18 20:53
ComboFix4.txt  2013-04-14 19:16
ComboFix5.txt  2014-01-03 00:29
.
Pre-Run: 372,771,000,320 bytes free
Post-Run: 373,193,646,080 bytes free
.
- - End Of File - - BC3B7E419E8D44145A62D50C544C4280
A36C5E4F47E84449FF07ED3517B43A31
 
========= End of CMD: =========
 
 
=========  type C:\Users\Johnny\Desktop\Result.txt =========
 
MiniToolBox by Farbar  Version: 18-12-2013
Ran by Johnny (administrator) on 02-01-2014 at 17:12:11
Running from "D:\Downloads"
Microsoft Windows 7 Ultimate   (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1 localhost
 
========================= IP Configuration: ================================
 
Broadcom NetXtreme Gigabit Ethernet = Local Area Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
Cisco Systems VPN Adapter for 64-bit Windows = Local Area Connection 2 (Hardware not present)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global taskoffload=disabled
add address name="Local Area Connection* 12" address=192.168.56.1
add address name="VirtualBox Host-Only Network" address=192.168.56.1
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Johnny-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ruesch.com
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-1E-0B-31-A7-9A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f550:6bab:3962:43e%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, January 02, 2014 4:51:06 PM
   Lease Expires . . . . . . . . . . : Friday, January 03, 2014 4:51:06 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 184557067
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-5E-F9-62-00-1E-0B-31-A7-9A
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter VirtualBox Host-Only Network:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-AC-D6
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::8077:7cac:5601:7e43%17(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 436731943
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-5E-F9-62-00-1E-0B-31-A7-9A
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{8CCB45C6-49E3-4C07-A16C-BF6B011C92CB}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    google.com.ruesch.com
Address:  199.101.28.20
 
 
Pinging google.com [74.125.228.7] with 32 bytes of data:
Reply from 74.125.228.7: bytes=32 time=8ms TTL=250
Reply from 74.125.228.7: bytes=32 time=8ms TTL=250
 
Ping statistics for 74.125.228.7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 8ms, Maximum = 8ms, Average = 8ms
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1
 
Name:    yahoo.com.ruesch.com
Address:  199.101.28.20
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=73ms TTL=249
Reply from 98.138.253.109: bytes=32 time=78ms TTL=249
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 73ms, Maximum = 78ms, Average = 75ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 1e 0b 31 a7 9a ......Broadcom NetXtreme Gigabit Ethernet
 17...08 00 27 00 ac d6 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    276
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    276
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    276
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    276
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    276
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    276
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 17    276 fe80::/64                On-link
 11    276 fe80::/64                On-link
 17    276 fe80::8077:7cac:5601:7e43/128
                                    On-link
 11    276 fe80::f550:6bab:3962:43e/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    276 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
 
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/02/2014 04:45:50 PM) (Source: MsiInstaller) (User: Johnny-PC)
Description: Product: Ask Shopping Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome
 
Error: (01/02/2014 02:55:08 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (01/02/2014 02:55:08 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:55:08 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:38:40 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).
 
Error: (01/02/2014 02:38:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:38:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
Error: (12/31/2013 03:01:17 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,
 
Error: (12/31/2013 03:01:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: SHELL32.dll, version: 6.1.7600.17038, time stamp: 0x4fd2dd43
Exception code: 0xc0000005
Fault offset: 0x0000000000186841
Faulting process id: 0xe9c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (12/30/2013 04:13:33 PM) (Source: Application Hang) (User: )
Description: The program MediaMonkey (non-skinned).exe version 4.0.7.1511 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1f1c
 
Start Time: 01cf01987fee8eae
 
Termination Time: 748
 
Application Path: C:\PROGRA~2\MEDIAM~1\MediaMonkey (non-skinned).exe
 
Report Id: 3021aaf0-7197-11e3-98e3-001e0b31a79a
 
 
System errors:
=============
Error: (01/02/2014 04:53:50 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (01/02/2014 04:53:50 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/02/2014 04:53:34 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (01/02/2014 04:52:15 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/02/2014 04:49:51 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (01/02/2014 04:42:13 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (01/02/2014 04:42:13 PM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1326
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/02/2014 04:41:46 PM) (Source: Service Control Manager) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126
 
Error: (01/02/2014 04:39:42 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/02/2014 03:17:06 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (01/02/2014 04:45:50 PM) (Source: MsiInstaller)(User: Johnny-PC)
Description: Product: Ask Shopping Toolbar -- Error 25001. The following applications must be closed before continuing the uninstall: 
 
Google Chrome(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/02/2014 02:55:08 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
 
Error: (01/02/2014 02:55:08 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:55:08 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:38:40 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c
 
Error: (01/02/2014 02:38:39 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (01/02/2014 02:38:39 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (12/31/2013 03:01:17 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor. Custom action GetFirefoxLocalProfilePath.AE456DBC_DDBA_441F_BC5E_0CF21D88B0A1 script error -2146827864, Microsoft VBScript runtime error: Object required: 'CreateObject(...).NameSpace(...)' Line 191, Column 7,  (NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (12/31/2013 03:01:09 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.167684d688122SHELL32.dll6.1.7600.170384fd2dd43c00000050000000000186841e9c01cf0189d0c024e2C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dllb47d541d-71f1-11e3-98e3-001e0b31a79a
 
Error: (12/30/2013 04:13:33 PM) (Source: Application Hang)(User: )
Description: MediaMonkey (non-skinned).exe4.0.7.15111f1c01cf01987fee8eae748C:\PROGRA~2\MEDIAM~1\MediaMonkey (non-skinned).exe3021aaf0-7197-11e3-98e3-001e0b31a79a
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-01-02 15:08:46.682
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-02 15:08:46.541
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-02 15:08:46.401
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-02 15:08:46.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-12-28 20:07:30.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-26 08:44:19.984
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-26 08:32:17.318
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-24 08:38:45.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-24 06:09:52.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-12-24 06:01:59.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20
Active@ KillDisk (Version: 7.0.4)
ActivePerl 5.10.1 Build 1007 (64-bit) (Version: 5.10.1007)
Adobe AIR (Version: 3.1.0.4880)
Adobe Creative Suite 6 Master Collection (Version: 6)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Help Manager (Version: 4.0.244)
Adobe Media Player (Version: 1.8)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Adobe Story (Version: 1.0.571)
Adobe Widget Browser (Version: 2.0 Build 348)
Adobe Widget Browser (Version: 2.0.348)
Alpha SF Software Resource Explorer V1.2
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
AppServ 2.5.10 (remove only)
Ask Shopping Toolbar (Version: 12.7.0.2448)
Ask Toolbar (Version: 12.7.0.2279)
Audacity 2.0.3 (Version: 2.0.3)
bl (Version: 1.0.0)
Bonjour (Version: 3.0.0.10)
Camfrog Video Chat 6.6 (Version: 6.6.336)
CCleaner (Version: 3.16)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
CutePDF Writer 3.0 (Version:  3.0)
D3DX10 (Version: 15.4.2368.0902)
Debut Video Capture Software
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Defraggler (Version: 2.15)
DiskAid 5.06 (Version: 5.06)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
f.lux
Feedback Tool (Version: 1.1.0)
Feedback Tool (Version: 1.2.0)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
FileZilla Client 3.7.3 (Version: 3.7.3)
FileZilla Server (remove only)
Fitbit Base Station (Driver Removal)
Fitbit Connect (Version: 1.0.0.2292)
Fitbit v2.1.0.9 (Version: 2.1.0.9)
Foxit PDF Editor
Foxit Phantom (Version: 1.0.0901)
Foxit Reader (Version: 3.1.2.1013)
Google Chrome (Version: 31.0.1650.63)
Google Gmail Notifier
Google Talk Plugin (Version: 3.2.4.8431)
GTK+ Runtime 2.14.7 rev a (remove only)
HiJackThis (Version: 1.0.0)
HP USB Disk Storage Format Tool
iCloud (Version: 2.1.0.39)
Intel® Processor ID Utility (Version: 4.20.0000)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java SE Development Kit 7 Update 45 (64-bit) (Version: 1.7.0.450)
join.me (Version: 1.10.1.253)
Kinovea (Version: 0.8.15)
K-Lite Codec Pack 5.1.0 (64-bit) (Version: 5.1.0)
LinuxLive USB Creator (Version: 2.8)
Logitech QuickCam Software (Version: 8.47.0000)
Macro Recorder (Version: 5.0.0.126)
Magic ISO Maker v5.5 (build 0265)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaMonkey 4.0 (Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.3.5500.0)
Microsoft SQL Server Compact 3.5 SP2 Beta English (Version: 3.5.8044.0)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mp3tag v2.58 (Version: v2.58)
MSVCRT (Version: 15.4.2862.0708)
MYTRAK Manager Installer (Version: 6.0.0.0)
Nitro Reader 3 (Version: 3.0.6.3)
No-IP DUC (Version: 3.0.4)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0209)
NVIDIA PhysX System Software 9.12.0209 (Version: 9.12.0209)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
Oracle VM VirtualBox 4.0.4 (Version: 4.0.4)
Partition Wizard Home Edition 5.0
PC Inspector File Recovery (Version: 4.0)
PDF Settings CS5 (Version: 10.0)
PDF Settings CS6 (Version: 11.0)
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
ph (Version: 1.0.0)
PicPick (Version: 3.2.4)
Pidgin (Version: 2.6.3)
Pinnacle Instant DVD Recorder (Version: 2.5.0.092)
Pinnacle Video Driver (Version: 12.1.0.029)
Poker Dominicano
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
PS3 Media Server (Version: 1.72.0)
PVSonyDll (Version: 1.00.0001)
PxMergeModule (Version: 1.00.0000)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.5772)
Rosetta Stone Ltd Services (Version: 3.2.17)
Rosetta Stone TOTALe (Version: 4.1.1)
Rosetta Stone TOTALe (Version: 4.1.15.1)
Samsung Kies (Version: 2.5.3.13052_10)
Samsung Kies3 (Version: 3.2.13114.22)
Samsung Story Album Viewer (Version: 1.0.0.13054_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0)
Seagate DiscWizard (Version: 13.0.14387)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.11 (Version: 6.11.102)
Smile Camera Setup (Version: 1.0.0)
SQL Server 2008 R2 Management Objects (Version: 10.50.1312.2)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
SQL Server System CLR Types (Version: 10.50.1312.2)
SUPERAntiSpyware (Version: 5.0.1150)
swMSM (Version: 12.0.0.1)
TagScanner 5.1.612
TouchCopy 09 (Version: 9.99)
TreeSize Free V2.7 (Version: 2.7)
TreeSize Professional V5.5.5 (Version: 5.5.5)
Tunatic
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0495)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wmdiper (Version: 011.000.1615)
TurboTax 2011 wrapper (Version: 011.000.0121)
TurboTax 2012 (Version: 2012.0)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114)
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451)
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179)
TurboTax 2012 wmdiper (Version: 012.000.1393)
TurboTax 2012 wrapper (Version: 012.000.0127)
Universal Extractor 1.6.1 (Version: 1.6.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
USB for Remote Desktop (Server) 2.8 (Version: 2.8.0.5)
USB over Network (Server) 4.4 (Version: 4.4.0.8)
VLC media player 2.0.2 (Version: 2.0.2)
Vz In Home Agent (Version: 7.01.20)
WampServer 2.4
WhoCrashed 2.00
Windows Driver Package - Mytrakhealth System Inc. (WinUSB) MytrakhealthDevice  (10/02/2009 2.0.0) (Version: 10/02/2009 2.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Movie Maker 6.0.6000.16386
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR archiver
WinSCP 4.2.8 (Version: 4.2.8)
Wireshark 1.4.1 (Version: 1.4.1)
Yahoo! Messenger
Yahoo! Software Update
 
========================= Devices: ================================
 
Name: Photosmart C6300 series
Description: Photosmart C6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 35%
Total physical RAM: 8191.37 MB
Available physical RAM: 5311.85 MB
Total Pagefile: 16380.87 MB
Available Pagefile: 13071.69 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.35 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:466.62 GB) (Free:347.01 GB) NTFS
2 Drive d: (New Volume) (Fixed) (Total:2794.3 GB) (Free:2351.95 GB) NTFS
4 Drive f: (Windows8) (Fixed) (Total:464.79 GB) (Free:439.46 GB) NTFS
5 Drive g: (20060514_211414) (CDROM) (Total:3.62 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\JOHNNY-PC
 
Administrator            Guest                    Johnny                   
Karen                    UpdatusUser              
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
27-12-2013 08:00:33 Windows Update
28-12-2013 08:00:30 Windows Update
29-12-2013 08:00:31 Windows Update
30-12-2013 08:00:44 Windows Update
31-12-2013 02:41:55 Removed Java 7 Update 45
31-12-2013 02:43:46 Installed Java 7 Update 45
31-12-2013 02:56:35 Removed Java 7 Update 45
31-12-2013 02:57:42 Installed Java 7 Update 45 (64-bit)
31-12-2013 08:00:26 Windows Update
01-01-2014 08:00:19 Windows Update
02-01-2014 06:05:57 Installed Java SE Development Kit 7 Update 45 (64-bit)
02-01-2014 08:00:12 Windows Update
02-01-2014 13:39:53 Windows Update
 
**** End of log ****
 
========= End of CMD: =========
 
 
=========  type C:\Users\Johnny\Desktop\RootkitRemover_20140102_171105.log =========
 
[ TimeStamp: 20140102 171105 ]Rootkit Remover v0.8.9.170 [Oct 25 2013 - 15:43:38]
McAfee Labs.
 
Windows build 6.1.7600 x64 
Checking for updates ...
 
 
Scanning for user-mode threats ...
 
Scanning for kernel-mode threats ...
    Scan Result --> No trojan or viruses found!
Scan Finished
========= End of CMD: =========
 
C:\Users\Karen\AppData\Local\{3E28A16D-0731-4846-B607-36155BF20472} => Moved successfully.
C:\Users\Karen\AppData\Local\{B80DA090-5252-4EAE-B0BC-99B7DF6FD324} => Moved successfully.
C:\Users\Karen\AppData\Local\{2398BB77-C674-43F0-BC5A-8B79EB1EA87C} => Moved successfully.
C:\Users\Karen\AppData\Local\{FBB46CE0-1B40-42C4-8928-6891FA62D466} => Moved successfully.
C:\Program Files\Common Files\Microsoft Shared => ":lZtboGD3taniUbNn7JZ7YcN" ADS removed successfully.
C:\Program Files\Common Files\System => ":UuT2QAkehTzpc1G8MERnf1nEf3" ADS removed successfully.
C:\ProgramData\Microsoft => ":6yLOJ80jV92gr02B391ry8T" ADS removed successfully.
C:\ProgramData\Microsoft => ":9YH1gyWy0OY4yNq9TvOitPSmv" ADS removed successfully.
C:\ProgramData\Microsoft => ":CRoGfloKpcZKgcmEgDgEeU" ADS removed successfully.
C:\ProgramData\TEMP => ":FB1B13D8" ADS removed successfully.
"C:\Users\Johnny\Local Settings" => ":efkzyp70RAFQYnnMHxr9IO" ADS not found.
C:\Users\Johnny\AppData\Local => ":efkzyp70RAFQYnnMHxr9IO" ADS removed successfully.
"C:\Users\Johnny\AppData\Local\Application Data" => ":efkzyp70RAFQYnnMHxr9IO" ADS not found.
 
==== End of Fixlog ====


#8 B-boy/StyLe/


Posted 03 January 2014 - 09:55 AM

Hello,

 

1) When trying to scan ddrm.ezh, it said it was in use.  I used perfmon to trace the PID and svchost.exe was running it.  When I killed it by the PID number, it killed the DCOM service, whose properties are greyed out, and tried to shut down the computer.   I ran a shutdown -a at the command prompt so it didn't shut down on me.  Now that it is killed, when trying to go into my sound settings, everything is blacked out!  This is probably the problem (or one of them)

 

That's why I asked you to post the results from search.txt (you still didn't post that log file). I suspect that your rpcss.dll is patched and that's why you are hearing these strange sound ads.

Anyway I got what I needed from the Combofix log. :)

 

2) ssubni.ypz permissions were locked.  I was able to assign myself as the admin to that service and ran it.

 

 

The files look like plain text files but their names and creation dates are more than suspicious, so we should take care of them just in case.

 

 

 

Delete your copy of Combofix and download a fresh one from here.

Save it to your desktop but do not run it yet! <--- important !!!



We need to execute a CFScript to clean some remnants.

Please do this:


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

2. Open notepad => navigate to format and make sure that wordwrap is unchecked. <--- important !!!

3. Copy/paste the text in the codebox below into it:

 


Fcopy::
c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll | c:\windows\system32\rpcss.dll
File::
C:\Windows\system32\uztfo.zuf
C:\Windows\system32\jfjc.fgj
C:\Windows\system32\ddrm.ezh
C:\Windows\system32\cojj.dmq
C:\Windows\system32\ssubni.ypz
Folder::
c:\users\Johnny\AppData\Local\VNT
c:\users\Karen\AppData\Local\VNT
c:\program files (x86)\VNT
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VNT"=-

4. Save this as CFScript.txt, in the same location as ComboFix.exe

5. Close any open browsers.

6. Referring to the picture below, drag CFScript into ComboFix.exe

CFScript.gif

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Also reply back to let me know how things are going.

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 03 January 2014 - 09:56 AM.
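
A read-only check related to the Fcopy:: step above, added here as an example; it is not part of the original posts and not part of ComboFix. It hashes the live System32 copy of rpcss.dll and every same-named copy one level inside the WinSxS component store, then reports which store copy (if any) the live file matches. The function names are hypothetical, and it assumes a 64-bit PowerShell session run as administrator.

```powershell
# Added example, not from the thread. Read-only: nothing is copied or deleted.
# Run from 64-bit PowerShell; a 32-bit session is redirected to SysWOW64.

function Get-Sha256Hex {
    param([Parameter(Mandatory = $true)][string]$Path)
    # .NET hashing is used so this also works on PowerShell 2.0 (stock
    # Windows 7), which has no Get-FileHash cmdlet.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return (($bytes | ForEach-Object { $_.ToString('x2') }) -join '')
}

function Compare-SystemFileToStore {
    param(
        [string]$FileName = 'rpcss.dll',
        [string]$LiveDir  = (Join-Path $env:windir 'System32'),
        [string]$StoreDir = (Join-Path $env:windir 'winsxs')
    )
    $livePath = Join-Path $LiveDir $FileName
    $liveHash = Get-Sha256Hex -Path $livePath

    # First row: the file Windows actually loads.
    New-Object PSObject -Property @{
        Source      = $livePath
        FileVersion = (Get-Item $livePath).VersionInfo.FileVersion
        Sha256      = $liveHash
        MatchesLive = $true
    }

    # Component folders sit directly under winsxs, e.g.
    # amd64_microsoft-windows-com-base-qfe-rpcss_..._6.1.7600.16385_none_...
    $pattern = Join-Path (Join-Path $StoreDir '*') $FileName
    $copies  = Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer }

    foreach ($copy in $copies) {
        $hash = Get-Sha256Hex -Path $copy.FullName
        New-Object PSObject -Property @{
            Source      = $copy.Directory.Name
            FileVersion = $copy.VersionInfo.FileVersion
            Sha256      = $hash
            MatchesLive = ($hash -eq $liveHash)
        }
    }
}

$rows = @(Compare-SystemFileToStore -FileName 'rpcss.dll')
$rows | Format-List Source, FileVersion, Sha256, MatchesLive

# Skip the first row (the live file itself) when looking for a store match.
$storeMatches = @($rows | Select-Object -Skip 1 | Where-Object { $_.MatchesLive })
if ($storeMatches.Count -eq 0) {
    Write-Warning 'System32 copy matches no component-store copy; treat it as replaced.'
}
```

System32 files are normally hard links into the component store, so a match shows the file was not swapped for a foreign binary but does not prove the shared file data is untouched. For that, compare the printed SHA-256 with one taken from clean installation media of the same build.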



#9 menorevs


Posted 03 January 2014 - 10:32 PM

I was getting permission issues when trying to start combofix by copying CFScript over.  When restarting the computer I got a white arrow with a black screen and would not get out of it.

 

I had to reinstall windows.  Thank you for your help, you may close this thread.   



#10 B-boy/StyLe/


Posted 04 January 2014 - 09:16 AM

Hello,

 

I am sorry to hear of your troubles. You had a patched rpcss.dll system file used by the DCOM Launcher service and we had to replace it with a clean copy. It could be done in many ways and we just tried one of them. I believe that we could bring the system up and running without a reinstall but often the results when working with infected systems can be unpredictable. Fortunately now you can be sure that your system is completely malware free. You can read the blogs below on how to keep it malware free:

 

http://www.geekstogo.com/how-did-i-get-infected-in-the-first-place/

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

 

Regards,

Georgi




#11 B-boy/StyLe/


Posted 04 January 2014 - 09:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
