Unwanted Sound Files Playing, Resource Hogging and Sudden Reboots


  • This topic is locked
27 replies to this topic

#1 Spell_Blade

Spell_Blade

  • Members
  • 16 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Going Crazy...
  • Local time:03:08 AM

Posted 04 January 2014 - 12:16 PM

The problem: The sound files playing seem to be a mix of commercials and television like programs.  It registers in my audio mixer as "Name Not Available" though after I ran HijackThis, the name converted to something like "Host Services" (can't remember exactly as I'm very tired and frustrated).  Once this thing kicks in, the resource usage starts going steadily up.  Over time (anywhere between fifteen minutes to an hour), I get a message that either DCOM or Plug and Play has unexpectedly terminated and the computer needs to restart.
 
I have run AVG, Malwarebytes, HijackThis, rkill and ComboFix (I did not see the warnings when I downloaded it and for that I apologize) plus several others.
 
NOTE: I have noticed that a new message has cropped up as my computer starts.  It flashes by too quickly for me to catch it, but it shows up between the Gateway logo and the Starting Windows message.
 
Here is the DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 1.6.0_29
Run by Mishaela at 10:28:47 on 2014-01-04
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.6071.2967 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SndVol.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360610p106p04c5v1i5k4411r281
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360610p106p04c5v1i5k4411r281
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_29\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_29\bin\jp2ssv.dll
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: sbcglobal.net
Trusted Zone: sbcglobal.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
Trusted Zone: yahoo.com
Trusted Zone: yahoo.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 192.168.0.1
TCP: Interfaces\{0B16AD8C-AA04-4FDE-A46F-C4F5FA6E24E9} : DHCPNameServer = 192.168.0.1 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360610p106p04c5v1i5k4411r281
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-11-16 55856]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-11-8 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-4-11 384800]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-8 46368]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]
R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2012-11-21 22528]
R2 e9f32388;GS Supporter;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-2-17 2314240]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-11-16 240160]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2009-11-16 283824]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-11-16 56344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-4-16 1025352]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-11-16 233984]
S3 Sscscaegide;Sscscaegide; [x]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
.
=============== Created Last 30 ================
.
2014-01-04 11:42:05 -------- d-----w- C:\Windows\ERUNT
2014-01-04 10:26:14 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-04 10:23:22 -------- d-s---w- C:\ComboFix
2014-01-04 06:35:32 98816 ----a-w- C:\Windows\sed.exe
2014-01-04 06:35:32 256000 ----a-w- C:\Windows\PEV.exe
2014-01-04 06:35:32 208896 ----a-w- C:\Windows\MBR.exe
2014-01-04 06:05:59 82944 ----a-w- C:\Windows\System32\drivers\ipfltdrv.sys.bak
2014-01-04 05:53:55 -------- d-----w- C:\AdwCleaner
2014-01-04 03:36:24 -------- d-----w- C:\Users\Mishaela\AppData\Local\Apps
2014-01-04 03:36:22 -------- d-----w- C:\Users\Mishaela\AppData\Local\Deployment
2014-01-04 02:51:22 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-04 02:50:13 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-03 15:08:53 -------- d-----w- C:\Users\Mishaela\AppData\Roaming\Malwarebytes
2014-01-03 15:08:45 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-03 15:08:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-03 15:08:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 15:08:31 -------- d-----w- C:\Users\Mishaela\AppData\Local\Programs
2013-12-31 01:05:28 -------- d-----w- C:\Program Files (x86)\GS Supporter
2013-12-31 01:04:56 -------- d-----w- C:\ProgramData\InstallMate
2013-12-14 15:22:00 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
.
==================== Find3M  ====================
.
2013-12-11 03:38:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 03:38:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-10 18:12:48 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-10-29 12:39:52 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
.
============= FINISH: 10:29:56.72 ===============

Edited by Spell_Blade, 04 January 2014 - 12:18 PM.



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:08 AM

Posted 08 January 2014 - 08:41 PM

Hello, Spell_Blade.
My name is etavares and I will be helping you with this log.
 
Here are some guidelines to ensure we are able to get your machine back under your control.
 
  • Please do not run any unsupervised scans, fixes, etc.  We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so.  Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned.  Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first.  There's no harm in asking questions!

Step 1

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

etavares

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 Spell_Blade

Spell_Blade

  • Topic Starter
  • Members
  • 16 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Going Crazy...
  • Local time:03:08 AM

Posted 08 January 2014 - 09:42 PM

Thank you for answering.  I have to get ready to roll out the door for work here soon, but I'll take care of this as soon as I get home in the morning.  I'm on an overnight schedule, so it's possible there may be long times between replies.

However, I'm off on Friday morning to Sunday night, so I'll be around for longer periods during that time.

Again, I'll do the assigned homework as soon as I roll in the door.

Edited by Spell_Blade, 08 January 2014 - 09:43 PM.


#4 Spell_Blade

Spell_Blade

  • Topic Starter
  • Members
  • 16 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Going Crazy...
  • Local time:03:08 AM

Posted 09 January 2014 - 09:01 AM

Okay, fresh from work and I did my homework.

I have noticed that this thing can remain quiet depending on what I'm doing.  However, when I start using Skype voice chat, it randomly unmutes itself fairly regularly.

The requested log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
    Ran by SYSTEM on MININT-86CSOGD on 09-01-2014 07:52:44
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery
     
    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-10-13] (Intel Corporation)
    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8312352 2009-10-28] (Realtek Semiconductor)
    HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-19] ()
    HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-08-03] ()
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Gateway Photo Frame] - C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI)
    HKLM-x32\...\Run: [InstaLAN] - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)
    HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-08] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
    HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
    HKU\UpdatusUser\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
    HKU\UpdatusUser\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [162336 2009-07-21] ()
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
     
    ==================== Services (Whitelisted) =================
     
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-06-08] ()
    S2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
    S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-05-30] ()
    S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-15] (AVG Technologies CZ, s.r.o.)
    S2 avgwd; C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    S2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-01] (Creative Technology Ltd)
    S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd)
    S2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] ()
    S2 e9f32388; C:\Windows\system32\rundll32.exe [45568 2009-07-13] (Microsoft Corporation)
    S2 e9f32388; C:\Windows\SysWow64\rundll32.exe [44544 2009-07-13] (Microsoft Corporation)
    S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
    S3 Sscscaegide; 
    S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
     
    ==================== Drivers (Whitelisted) ====================
     
    S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
    S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
    S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
    S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
    S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [x]
    S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-01-09 07:52 - 2014-01-09 07:52 - 00000000 ____D C:\FRST
    2014-01-08 08:04 - 2014-01-08 08:04 - 00024422 _____ C:\Users\Mishaela\Documents\Wendy 20.html
    2014-01-08 07:55 - 2014-01-08 07:55 - 00151941 _____ C:\Users\Mishaela\Documents\Wendy 19.html
    2014-01-08 06:55 - 2014-01-08 06:55 - 00122417 _____ C:\Users\Mishaela\Documents\Wendy 18.html
    2014-01-07 21:17 - 2014-01-07 21:17 - 00103415 _____ C:\Users\Mishaela\Documents\Wendy 17.html
    2014-01-07 20:16 - 2014-01-07 20:51 - 00211821 _____ C:\Users\Mishaela\Documents\Wendy 16.html
    2014-01-07 07:46 - 2014-01-07 09:13 - 00276747 _____ C:\Users\Mishaela\Documents\Wendy 15.html
    2014-01-07 07:14 - 2014-01-07 07:14 - 00105134 _____ C:\Users\Mishaela\Documents\Wendy 14.html
    2014-01-07 00:02 - 2014-01-07 00:02 - 00316710 _____ C:\Users\Mishaela\Documents\Wendy 13.html
    2014-01-06 22:01 - 2014-01-06 22:13 - 00247619 _____ C:\Users\Mishaela\Documents\Wendy 12.html
    2014-01-06 17:25 - 2014-01-06 17:25 - 00150787 _____ C:\Users\Mishaela\Documents\Wendy 11.html
    2014-01-06 05:45 - 2014-01-06 05:45 - 00000000 __SHD C:\found.000
    2014-01-06 04:34 - 2014-01-06 04:34 - 00084674 _____ C:\Users\Mishaela\Documents\Wendy 10.html
    2014-01-06 03:10 - 2014-01-06 03:31 - 00201933 _____ C:\Users\Mishaela\Documents\Wendy 09.html
    2014-01-05 01:48 - 2014-01-05 03:41 - 00475606 _____ C:\Users\Mishaela\Documents\Wendy 08.html
    2014-01-04 22:00 - 2014-01-04 23:45 - 00559884 _____ C:\Users\Mishaela\Documents\Wendy 07.html
    2014-01-04 19:54 - 2014-01-04 19:54 - 00067542 _____ C:\Users\Mishaela\Documents\Wendy 06.html
    2014-01-04 19:03 - 2014-01-04 19:03 - 00161192 _____ C:\Users\Mishaela\Documents\Wendy 05.html
    2014-01-04 11:17 - 2014-01-04 12:01 - 00262178 _____ C:\Users\Mishaela\Documents\Wendy 04.html
    2014-01-04 09:05 - 2014-01-04 09:05 - 00002327 _____ C:\Users\Mishaela\Desktop\attach.zip
    2014-01-04 09:04 - 2014-01-04 09:04 - 00002288 _____ C:\Users\Public\Desktop\WinZip.lnk
    2014-01-04 09:04 - 2014-01-04 09:04 - 00000000 ____D C:\Users\Mishaela\AppData\Local\WinZip
    2014-01-04 09:04 - 2014-01-04 09:04 - 00000000 ____D C:\ProgramData\WinZip
    2014-01-04 09:04 - 2014-01-04 09:04 - 00000000 ____D C:\Program Files\WinZip
    2014-01-04 09:01 - 2014-01-04 09:01 - 00420808 _____ (WinZip Computing) C:\Users\Mishaela\Downloads\WinZip180.exe
    2014-01-04 08:31 - 2014-01-04 08:32 - 00015102 _____ C:\Users\Mishaela\Desktop\dds.txt
    2014-01-04 08:31 - 2014-01-04 08:31 - 00005443 _____ C:\Users\Mishaela\Desktop\attach.txt
    2014-01-04 08:27 - 2014-01-04 08:27 - 00688992 ____R (Swearware) C:\Users\Mishaela\Downloads\dds.com
    2014-01-04 05:07 - 2014-01-04 05:07 - 00000636 _____ C:\Users\Mishaela\Desktop\JRT.txt
    2014-01-04 05:04 - 2014-01-04 05:04 - 00000000 ____D C:\Users\Mishaela\Desktop\Old AV Reports
    2014-01-04 04:59 - 2014-01-04 04:59 - 00000000 ____D C:\Users\Mishaela\Downloads\backups
    2014-01-04 03:49 - 2014-01-04 03:49 - 00012723 _____ C:\Users\Mishaela\Downloads\hijackthis.log
    2014-01-04 03:48 - 2014-01-04 03:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mishaela\Downloads\HijackThis.exe
    2014-01-04 03:47 - 2014-01-04 03:47 - 01036305 _____ (Thisisu) C:\Users\Mishaela\Downloads\JRT (2).exe
    2014-01-04 03:44 - 2014-01-04 03:44 - 01036305 _____ (Thisisu) C:\Users\Mishaela\Downloads\JRT (1).exe
    2014-01-04 03:42 - 2014-01-04 03:42 - 00000000 ____D C:\Windows\ERUNT
    2014-01-04 03:41 - 2014-01-04 03:41 - 01036305 _____ (Thisisu) C:\Users\Mishaela\Downloads\JRT.exe
    2014-01-04 03:31 - 2014-01-04 03:31 - 01931368 _____ (Farbar) C:\Users\Mishaela\Downloads\FRST64.exe
    2014-01-04 03:28 - 2014-01-04 03:29 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mishaela\Downloads\tdsskiller (1).exe
    2014-01-04 02:42 - 2014-01-04 02:42 - 00347816 _____ (Microsoft Corporation) C:\Users\Mishaela\Downloads\MicrosoftFixit.Performance.LB.1503122591523502.1.1.Run.exe
    2014-01-04 02:23 - 2014-01-04 02:23 - 00000000 ___SD C:\ComboFix
    2014-01-04 02:05 - 2014-01-04 02:05 - 00328852 _____ C:\Users\Mishaela\Documents\Wendy 03.html
    2014-01-03 23:08 - 2014-01-03 23:08 - 00019158 _____ C:\ComboFix.txt
    2014-01-03 22:35 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
    2014-01-03 22:35 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
    2014-01-03 22:35 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-01-03 22:35 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-01-03 22:35 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-01-03 22:35 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
    2014-01-03 22:35 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
    2014-01-03 22:35 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
    2014-01-03 22:34 - 2014-01-04 02:23 - 00000000 ____D C:\Qoobox
    2014-01-03 22:34 - 2014-01-03 23:06 - 00000000 ____D C:\Windows\erdnt
    2014-01-03 22:33 - 2014-01-03 22:34 - 05160001 ____R (Swearware) C:\Users\Mishaela\Downloads\ComboFix.exe
    2014-01-03 22:06 - 2014-01-04 02:15 - 13391720 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 02018080 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 01898576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 01659984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 01524816 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00947776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00654928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00651264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00465408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00426496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00407040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00374864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00367168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00363584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00324608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00318976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00309248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00294992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\System32\Drivers\MegaSR.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00259072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00224832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00220752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00217680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00214096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00185936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00183872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00171600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00167488 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00162816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00157184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00155216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00153152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00149056 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00145920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00140352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00131584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00130048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00128592 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00122960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00115776 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_scsi.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00114752 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_fc.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00113152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00109480 _____ (JMicron Technology Corp.) C:\Windows\System32\Drivers\jraid.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00106560 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00104016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00095312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00094784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00094208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00093184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00092672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00088576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00075840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00073984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\xusb21.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00072832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ohci1394.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00071760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00068864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00065600 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas2.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00064592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00064080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00062544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00060496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00059904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00057856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00055856 _____ (Sonic Solutions) C:\Windows\System32\Drivers\PxHlpa64.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00053760 _____ (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00051264 _____ (IBM Corporation) C:\Windows\System32\Drivers\nfrd960.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00050768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00050768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00049216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00048720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00046592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00042064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00036432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00035392 _____ (LSI Corporation) C:\Windows\System32\Drivers\megasas.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00032320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00030272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vgapnp.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vga.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00027776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00024656 _____ (Promise Technology) C:\Windows\System32\Drivers\stexstor.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00022096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00021056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wd.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksthunk.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00020544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00019008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00016464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00015424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00015360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\MTConfig.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00014848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwf.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00012496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00012352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00011136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPREFMP.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00008064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00007936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00006784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys.bak
    2014-01-03 22:06 - 2014-01-04 02:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:15 - 00233984 _____ (Intel® Corporation) C:\Windows\System32\Drivers\IntcDAud.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:15 - 00120320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:15 - 00116224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:15 - 00082944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:15 - 00078848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:15 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\System32\Drivers\iirsp.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:15 - 00016960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 07749408 _____ (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 03286016 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\evbda.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00974848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00751616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00530496 _____ (Emulex) C:\Windows\System32\Drivers\elxstor.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00491088 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adp94xx.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00468480 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbda.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00460504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00410688 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00409624 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00384800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00350208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00339536 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpahci.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00334416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00307040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00290368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00288336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerId.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00283824 _____ (Intel Corporation) C:\Windows\System32\Drivers\e1k62x64.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00270848 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\b57nd60a.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00258048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00227840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00223448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00195072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\exfat.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\System32\Drivers\amdsbs.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00182864 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpu320.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00178752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00155728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00127328 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00122368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00116224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00106576 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00105472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxg.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00097856 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arcsas.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00095232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bridge.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdfs.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00090624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00087632 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arc.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00077888 _____ (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00073280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00072192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00070224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fileinfo.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00068096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394bus.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00065088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\GAGP30KX.SYS.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00061008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AGP440.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00056344 _____ (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00055376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00055128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00047696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerWdm.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00046592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidir.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00046368 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00045568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\circlass.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00045056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\blbdrive.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\discache.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00039504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00036944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\filetrace.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00033856 _____ (LogMeIn, Inc.) C:\Windows\System32\Drivers\hamachi.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00029776 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsfiltera.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fdc.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00028752 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00028736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpata.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00028480 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00028240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00027216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbatt.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\flpydisk.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00024144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crcdisk.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00024128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00023104 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\asyncmac.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00021584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\compbatt.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltLo.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00017664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CmBatt.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\System32\Drivers\cmdide.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxapi.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00015440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdide.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\System32\Drivers\aliide.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbMdm.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbSer.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00014416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00010224 _____ (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00010224 _____ (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\errdev.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltUp.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys.bak
    2014-01-03 22:05 - 2014-01-04 02:14 - 00005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys.bak
    2014-01-03 21:53 - 2014-01-04 02:11 - 00000000 ____D C:\AdwCleaner
    2014-01-03 21:52 - 2014-01-03 21:52 - 00291760 _____ C:\Windows\Minidump\010314-21590-01.dmp
    2014-01-03 19:36 - 2014-01-03 19:37 - 00000000 ____D C:\Users\Mishaela\AppData\Local\Deployment
    2014-01-03 19:36 - 2014-01-03 19:36 - 00000000 ____D C:\Users\Mishaela\AppData\Local\Apps\2.0
    2014-01-03 18:51 - 2014-01-03 19:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-01-03 18:50 - 2014-01-03 18:50 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
    2014-01-03 18:47 - 2014-01-03 18:48 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Mishaela\Downloads\mbar-1.07.0.1008.exe
    2014-01-03 16:57 - 2014-01-03 16:57 - 01931088 _____ (Symantec Corporation) C:\Users\Mishaela\Downloads\FixTDSS.exe
    2014-01-03 09:50 - 2014-01-03 09:50 - 00277921 _____ C:\Users\Mishaela\Documents\Wendy 02.html
    2014-01-03 07:08 - 2014-01-03 07:08 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-03 07:08 - 2014-01-03 07:08 - 00000000 ____D C:\Users\Mishaela\AppData\Roaming\Malwarebytes
    2014-01-03 07:08 - 2014-01-03 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes
    2014-01-03 07:08 - 2014-01-03 07:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-03 07:08 - 2013-04-04 12:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2014-01-03 07:07 - 2014-01-03 07:08 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mishaela\Downloads\mbam-setup-1.75.0.1300.exe
    2014-01-03 07:03 - 2014-01-03 07:03 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Mishaela\Downloads\rkill.com
    2014-01-03 06:56 - 2014-01-03 06:56 - 04101441 _____ C:\Users\Mishaela\Downloads\tdsskiller.zip
    2014-01-03 06:55 - 2014-01-03 06:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mishaela\Downloads\tdsskiller.exe
    2014-01-03 06:10 - 2014-01-03 06:10 - 00037376 _____ C:\Windows\System32\hdwugou.gwn
    2014-01-03 06:00 - 2014-01-08 07:08 - 00000082 _____ C:\Windows\System32\inim.nll
    2014-01-03 06:00 - 2014-01-03 06:10 - 00000102 _____ C:\Windows\System32\pquzlpm.ghc
    2014-01-03 06:00 - 2014-01-03 06:00 - 00000064 _____ C:\Windows\System32\lcxtcd.vbk
    2014-01-03 05:43 - 2014-01-03 05:43 - 00219314 ____S C:\Windows\System32\nxtqz.mbz
    2014-01-01 09:51 - 2014-01-02 19:33 - 01300372 _____ C:\Users\Mishaela\Documents\Wendy 01.html
    2013-12-30 17:08 - 2013-12-30 17:08 - 02273810 _____ C:\Users\Mishaela\Downloads\mcpatcher-4.3.1.exe
    2013-12-30 17:05 - 2013-12-30 17:05 - 00000000 ____D C:\Program Files (x86)\GS Supporter
    2013-12-30 17:04 - 2013-12-30 17:05 - 00000000 ____D C:\ProgramData\InstallMate
    2013-12-30 07:06 - 2013-12-30 07:06 - 00749478 _____ C:\Users\Mishaela\Documents\Kayle 02.html
    2013-12-20 13:33 - 2013-12-20 13:33 - 00767181 _____ C:\Users\Mishaela\Documents\Kayle 01.html
    2013-12-15 10:42 - 2013-12-20 07:54 - 03125379 _____ C:\Users\Mishaela\Documents\Severa 01.html
    2013-12-14 07:22 - 2013-12-14 07:22 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
     
    ==================== One Month Modified Files and Folders =======
     
    2014-01-09 07:52 - 2014-01-09 07:52 - 00000000 ____D C:\FRST
    2014-01-09 05:40 - 2010-06-04 08:35 - 00000000 ____D C:\ProgramData\NVIDIA
    2014-01-09 05:40 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-09 05:40 - 2009-07-13 20:51 - 00065552 _____ C:\Windows\setupact.log
    2014-01-08 08:05 - 2010-02-17 21:13 - 01533406 _____ C:\Windows\WindowsUpdate.log
    2014-01-08 08:05 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-08 08:05 - 2009-07-13 20:45 - 00009696 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-08 08:04 - 2014-01-08 08:04 - 00024422 _____ C:\Users\Mishaela\Documents\Wendy 20.html
    2014-01-08 08:04 - 2010-08-28 16:46 - 00000000 ____D C:\Users\Mishaela\AppData\Roaming\Skype
    2014-01-08 07:57 - 2010-06-04 08:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-08 07:55 - 2014-01-08 07:55 - 00151941 _____ C:\Users\Mishaela\Documents\Wendy 19.html
    2014-01-08 07:38 - 2012-07-19 04:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-01-08 07:08 - 2014-01-03 06:00 - 00000082 _____ C:\Windows\System32\inim.nll
    2014-01-08 07:07 - 2010-06-04 08:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-08 07:04 - 2011-02-15 19:38 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2014-01-08 06:55 - 2014-01-08 06:55 - 00122417 _____ C:\Users\Mishaela\Documents\Wendy 18.html
    2014-01-08 06:13 - 2012-09-21 08:00 - 00007602 _____ C:\Users\Mishaela\AppData\Local\Resmon.ResmonCfg
    2014-01-08 01:49 - 2012-11-23 05:41 - 00000000 ____D C:\Users\Mishaela\AppData\Roaming\.minecraft
    2014-01-07 21:17 - 2014-01-07 21:17 - 00103415 _____ C:\Users\Mishaela\Documents\Wendy 17.html
    2014-01-07 20:51 - 2014-01-07 20:16 - 00211821 _____ C:\Users\Mishaela\Documents\Wendy 16.html
    2014-01-07 15:48 - 2010-11-29 19:45 - 00000938 _____ C:\Users\Mishaela\Documents\Absences.txt
    2014-01-07 09:13 - 2014-01-07 07:46 - 00276747 _____ C:\Users\Mishaela\Documents\Wendy 15.html
    2014-01-07 07:14 - 2014-01-07 07:14 - 00105134 _____ C:\Users\Mishaela\Documents\Wendy 14.html
    2014-01-07 00:02 - 2014-01-07 00:02 - 00316710 _____ C:\Users\Mishaela\Documents\Wendy 13.html
    2014-01-06 22:13 - 2014-01-06 22:01 - 00247619 _____ C:\Users\Mishaela\Documents\Wendy 12.html
    2014-01-06 20:01 - 2012-12-12 19:11 - 00000000 ____D C:\Users\Mishaela\AppData\Local\LogMeIn Hamachi
    2014-01-06 17:25 - 2014-01-06 17:25 - 00150787 _____ C:\Users\Mishaela\Documents\Wendy 11.html
    2014-01-06 05:45 - 2014-01-06 05:45 - 00000000 __SHD C:\found.000
    2014-01-06 04:34 - 2014-01-06 04:34 - 00084674 _____ C:\Users\Mishaela\Documents\Wendy 10.html
    2014-01-06 03:31 - 2014-01-06 03:10 - 00201933 _____ C:\Users\Mishaela\Documents\Wendy 09.html
    2014-01-05 13:45 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2014-01-05 03:41 - 2014-01-05 01:48 - 00475606 _____ C:\Users\Mishaela\Documents\Wendy 08.html
    2014-01-04 23:45 - 2014-01-04 22:00 - 00559884 _____ C:\Users\Mishaela\Documents\Wendy 07.html
    2014-01-04 19:54 - 2014-01-04 19:54 - 00067542 _____ C:\Users\Mishaela\Documents\Wendy 06.html
    2014-01-04 19:03 - 2014-01-04 19:03 - 00161192 _____ C:\Users\Mishaela\Documents\Wendy 05.html
    2014-01-04 17:28 - 2013-03-31 06:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2014-01-04 17:28 - 2013-03-31 06:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2014-01-04 12:01 - 2014-01-04 11:17 - 00262178 _____ C:\Users\Mishaela\Documents\Wendy 04.html
    2014-01-04 09:05 - 2014-01-04 09:05 - 00002327 _____ C:\Users\Mishaela\Desktop\attach.zip
    2014-01-04 09:04 - 2014-01-04 09:04 - 00002288 _____ C:\Users\Public\Desktop\WinZip.lnk
    2014-01-04 09:04 - 2014-01-04 09:04 - 00000000 ____D C:\Users\Mishaela\AppData\Local\WinZip
    2014-01-04 09:04 - 2014-01-04 09:04 - 00000000 ____D C:\ProgramData\WinZip
    2014-01-04 09:04 - 2014-01-04 09:04 - 00000000 ____D C:\Program Files\WinZip
    2014-01-04 09:01 - 2014-01-04 09:01 - 00420808 _____ (WinZip Computing) C:\Users\Mishaela\Downloads\WinZip180.exe
    2014-01-04 08:32 - 2014-01-04 08:31 - 00015102 _____ C:\Users\Mishaela\Desktop\dds.txt
    2014-01-04 08:31 - 2014-01-04 08:31 - 00005443 _____ C:\Users\Mishaela\Desktop\attach.txt
    2014-01-04 08:27 - 2014-01-04 08:27 - 00688992 ____R (Swearware) C:\Users\Mishaela\Downloads\dds.com
    2014-01-04 05:15 - 2012-05-24 06:16 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2014-01-04 05:07 - 2014-01-04 05:07 - 00000636 _____ C:\Users\Mishaela\Desktop\JRT.txt
    2014-01-04 05:04 - 2014-01-04 05:04 - 00000000 ____D C:\Users\Mishaela\Desktop\Old AV Reports
    2014-01-04 04:59 - 2014-01-04 04:59 - 00000000 ____D C:\Users\Mishaela\Downloads\backups
    2014-01-04 03:49 - 2014-01-04 03:49 - 00012723 _____ C:\Users\Mishaela\Downloads\hijackthis.log
    2014-01-04 03:48 - 2014-01-04 03:48 - 00388608 _____ (Trend Micro Inc.) C:\Users\Mishaela\Downloads\HijackThis.exe
    2014-01-04 03:47 - 2014-01-04 03:47 - 01036305 _____ (Thisisu) C:\Users\Mishaela\Downloads\JRT (2).exe
    2014-01-04 03:44 - 2014-01-04 03:44 - 01036305 _____ (Thisisu) C:\Users\Mishaela\Downloads\JRT (1).exe
    2014-01-04 03:42 - 2014-01-04 03:42 - 00000000 ____D C:\Windows\ERUNT
    2014-01-04 03:41 - 2014-01-04 03:41 - 01036305 _____ (Thisisu) C:\Users\Mishaela\Downloads\JRT.exe
    2014-01-04 03:31 - 2014-01-04 03:31 - 01931368 _____ (Farbar) C:\Users\Mishaela\Downloads\FRST64.exe
    2014-01-04 03:29 - 2014-01-04 03:28 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mishaela\Downloads\tdsskiller (1).exe
    2014-01-04 02:42 - 2014-01-04 02:42 - 00347816 _____ (Microsoft Corporation) C:\Users\Mishaela\Downloads\MicrosoftFixit.Performance.LB.1503122591523502.1.1.Run.exe
    2014-01-04 02:26 - 2012-11-07 05:39 - 00000000 ____D C:\Program Files (x86)\Steam
    2014-01-04 02:23 - 2014-01-04 02:23 - 00000000 ___SD C:\ComboFix
    2014-01-04 02:23 - 2014-01-03 22:34 - 00000000 ____D C:\Qoobox
    2014-01-04 02:15 - 2014-01-03 22:06 - 13391720 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 02018080 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 01898576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 01659984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 01524816 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00947776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00654928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00651264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00465408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00426496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00407040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00374864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00367168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00363584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00324608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00318976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00309248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00294992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\System32\Drivers\MegaSR.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00259072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00224832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00220752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00217680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00214096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00185936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00183872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00172544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00171600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00167488 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00162816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00157184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00155216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00153152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00149056 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00145920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00140352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00131584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00130048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00128592 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00125952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00122960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00115776 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_scsi.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00114752 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_fc.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00113152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00109480 _____ (JMicron Technology Corp.) C:\Windows\System32\Drivers\jraid.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00106560 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00104016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00097280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00095312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00094784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00094208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00093184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00092672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00088576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00075840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00073984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\xusb21.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00072832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ohci1394.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00071760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00068864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00065600 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas2.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00064592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00064080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00062544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00060496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00059904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00057856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00055856 _____ (Sonic Solutions) C:\Windows\System32\Drivers\PxHlpa64.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00053760 _____ (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00051264 _____ (IBM Corporation) C:\Windows\System32\Drivers\nfrd960.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00050768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00050768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00049216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00048720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00046592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00042064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00036432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00035392 _____ (LSI Corporation) C:\Windows\System32\Drivers\megasas.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00032320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00030272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vgapnp.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vga.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00027776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00024656 _____ (Promise Technology) C:\Windows\System32\Drivers\stexstor.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00022096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00021056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wd.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksthunk.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00020544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00019008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00016464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00015424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00015360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\MTConfig.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00014848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwf.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00012496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00012352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00011136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPREFMP.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00008064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00007936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00007680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00006784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:06 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:05 - 00233984 _____ (Intel® Corporation) C:\Windows\System32\Drivers\IntcDAud.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:05 - 00120320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:05 - 00116224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:05 - 00082944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:05 - 00078848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:05 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\System32\Drivers\iirsp.sys.bak
    2014-01-04 02:15 - 2014-01-03 22:05 - 00016960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 07749408 _____ (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 03286016 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\evbda.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00974848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00751616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00530496 _____ (Emulex) C:\Windows\System32\Drivers\elxstor.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00500224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00491088 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adp94xx.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00468480 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbda.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00460504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00410688 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00409624 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00384800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00350208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00339536 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpahci.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00334416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00307040 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00290368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00288336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerId.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00283824 _____ (Intel Corporation) C:\Windows\System32\Drivers\e1k62x64.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00270848 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\b57nd60a.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00258048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00227840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00223448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00195072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\exfat.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\System32\Drivers\amdsbs.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00182864 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpu320.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00178752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00155728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00127328 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00122368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00116224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00106576 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00105472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxg.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00097856 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arcsas.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00095232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bridge.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdfs.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00090624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00087632 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arc.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00077888 _____ (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00073280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00070224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fileinfo.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00068096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394bus.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00065088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\GAGP30KX.SYS.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00064512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00061008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AGP440.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00056344 _____ (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00055376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00055128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00047696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerWdm.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00046592 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidir.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00046368 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00045568 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\circlass.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00045056 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\blbdrive.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\discache.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00039504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00036944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\filetrace.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00033856 _____ (LogMeIn, Inc.) C:\Windows\System32\Drivers\hamachi.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00033240 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00029776 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsfiltera.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fdc.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00028752 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00028736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpata.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00028480 _____ (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00028240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00027216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbatt.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\flpydisk.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00024144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crcdisk.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00024128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00023104 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\asyncmac.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00021584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\compbatt.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltLo.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00017664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CmBatt.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\System32\Drivers\cmdide.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxapi.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00015440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdide.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\System32\Drivers\aliide.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbMdm.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbSer.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00014416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00010224 _____ (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00010224 _____ (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\errdev.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltUp.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys.bak
    2014-01-04 02:14 - 2014-01-03 22:05 - 00005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys.bak
    2014-01-04 02:11 - 2014-01-03 21:53 - 00000000 ____D C:\AdwCleaner
    2014-01-04 02:05 - 2014-01-04 02:05 - 00328852 _____ C:\Users\Mishaela\Documents\Wendy 03.html
    2014-01-03 23:14 - 2009-11-16 02:21 - 00276752 _____ C:\Windows\PFRO.log
    2014-01-03 23:08 - 2014-01-03 23:08 - 00019158 _____ C:\ComboFix.txt
    2014-01-03 23:08 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
    2014-01-03 23:06 - 2014-01-03 22:34 - 00000000 ____D C:\Windows\erdnt
    2014-01-03 23:05 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
    2014-01-03 22:34 - 2014-01-03 22:33 - 05160001 ____R (Swearware) C:\Users\Mishaela\Downloads\ComboFix.exe
    2014-01-03 22:21 - 2013-06-14 05:24 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2014-01-03 21:52 - 2014-01-03 21:52 - 00291760 _____ C:\Windows\Minidump\010314-21590-01.dmp
    2014-01-03 21:52 - 2011-02-15 18:44 - 423930988 _____ C:\Windows\MEMORY.DMP
    2014-01-03 21:52 - 2011-02-15 18:44 - 00000000 ____D C:\Windows\Minidump
    2014-01-03 21:50 - 2009-07-13 21:13 - 00778150 _____ C:\Windows\System32\PerfStringBackup.INI
    2014-01-03 19:37 - 2014-01-03 19:36 - 00000000 ____D C:\Users\Mishaela\AppData\Local\Deployment
    2014-01-03 19:36 - 2014-01-03 19:36 - 00000000 ____D C:\Users\Mishaela\AppData\Local\Apps\2.0
    2014-01-03 19:09 - 2014-01-03 18:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-01-03 18:50 - 2014-01-03 18:50 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
    2014-01-03 18:48 - 2014-01-03 18:47 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Mishaela\Downloads\mbar-1.07.0.1008.exe
    2014-01-03 16:57 - 2014-01-03 16:57 - 01931088 _____ (Symantec Corporation) C:\Users\Mishaela\Downloads\FixTDSS.exe
    2014-01-03 09:50 - 2014-01-03 09:50 - 00277921 _____ C:\Users\Mishaela\Documents\Wendy 02.html
    2014-01-03 07:08 - 2014-01-03 07:08 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-01-03 07:08 - 2014-01-03 07:08 - 00000000 ____D C:\Users\Mishaela\AppData\Roaming\Malwarebytes
    2014-01-03 07:08 - 2014-01-03 07:08 - 00000000 ____D C:\ProgramData\Malwarebytes
    2014-01-03 07:08 - 2014-01-03 07:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-03 07:08 - 2014-01-03 07:07 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Mishaela\Downloads\mbam-setup-1.75.0.1300.exe
    2014-01-03 07:03 - 2014-01-03 07:03 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Mishaela\Downloads\rkill.com
    2014-01-03 06:56 - 2014-01-03 06:56 - 04101441 _____ C:\Users\Mishaela\Downloads\tdsskiller.zip
    2014-01-03 06:55 - 2014-01-03 06:55 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Mishaela\Downloads\tdsskiller.exe
    2014-01-03 06:10 - 2014-01-03 06:10 - 00037376 _____ C:\Windows\System32\hdwugou.gwn
    2014-01-03 06:10 - 2014-01-03 06:00 - 00000102 _____ C:\Windows\System32\pquzlpm.ghc
    2014-01-03 06:00 - 2014-01-03 06:00 - 00000064 _____ C:\Windows\System32\lcxtcd.vbk
    2014-01-03 06:00 - 2009-07-13 21:08 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2014-01-03 05:43 - 2014-01-03 05:43 - 00219314 ____S C:\Windows\System32\nxtqz.mbz
    2014-01-03 05:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
    2014-01-02 19:33 - 2014-01-01 09:51 - 01300372 _____ C:\Users\Mishaela\Documents\Wendy 01.html
    2013-12-30 17:08 - 2013-12-30 17:08 - 02273810 _____ C:\Users\Mishaela\Downloads\mcpatcher-4.3.1.exe
    2013-12-30 17:05 - 2013-12-30 17:05 - 00000000 ____D C:\Program Files (x86)\GS Supporter
    2013-12-30 17:05 - 2013-12-30 17:04 - 00000000 ____D C:\ProgramData\InstallMate
    2013-12-30 07:06 - 2013-12-30 07:06 - 00749478 _____ C:\Users\Mishaela\Documents\Kayle 02.html
    2013-12-28 08:49 - 2011-08-14 05:39 - 00218112 _____ C:\Users\Mishaela\AppData\Roaming\SharedSettings.ccs
    2013-12-20 13:33 - 2013-12-20 13:33 - 00767181 _____ C:\Users\Mishaela\Documents\Kayle 01.html
    2013-12-20 07:54 - 2013-12-15 10:42 - 03125379 _____ C:\Users\Mishaela\Documents\Severa 01.html
    2013-12-15 07:17 - 2013-12-09 09:32 - 02894686 _____ C:\Users\Mishaela\Documents\JulesCloud04.html
    2013-12-14 07:22 - 2013-12-14 07:22 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
    2013-12-10 19:38 - 2012-07-19 04:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-12-10 19:38 - 2012-07-19 04:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2013-12-10 19:38 - 2011-07-10 05:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
     
    Some content of TEMP:
    ====================
    C:\Users\Mishaela\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Mishaela\AppData\Local\Temp\Quarantine.exe
     
     
    ==================== Known DLLs (Whitelisted) ================
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) D138EBABA83F07A653C07506E1BF747D
     
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== EXE ASSOCIATION =====================
     
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
     
    ==================== Restore Points  =========================
     
    Restore point made on: 2014-01-06 15:32:05
    Restore point made on: 2014-01-06 20:37:29
    Restore point made on: 2014-01-07 01:38:39
    Restore point made on: 2014-01-07 06:39:38
    Restore point made on: 2014-01-07 16:42:05
    Restore point made on: 2014-01-07 21:43:07
    Restore point made on: 2014-01-08 02:44:24
    Restore point made on: 2014-01-08 07:46:32
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 13%
    Total physical RAM: 6071.09 MB
    Available physical RAM: 5249.88 MB
    Total Pagefile: 6069.24 MB
    Available Pagefile: 5246.38 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.87 MB
     
    ==================== Drives ================================
     
    Drive c: (Gateway) (Fixed) (Total:918.41 GB) (Free:606.95 GB) NTFS
    Drive d: (Yazoo) (Fixed) (Total:289.39 GB) (Free:73.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive f: (FACTORY_IMAGE) (Fixed) (Total:8.7 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive g: (PQSERVICE) (Fixed) (Total:13 GB) (Free:5.49 GB) NTFS
    Drive i: (USB20FD) (Removable) (Total:15.22 GB) (Free:15.21 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: D3FF55A9)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=918 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (Size: 298 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
    Partition 1: (Active) - (Size=15 GB) - (Type=0C)
     
     
    LastRegBack: 2013-12-29 22:10
     
    ==================== End Of Log ============================


    #5 etavares

      Bleepin' Remover


    • Malware Response Team

    Posted 09 January 2014 - 08:52 PM


    Hello, Spell_Blade.
     
     
    Step 1
     
    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.
     

    HKLM-x32\...\Run: [] - [x]

    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    2014-01-03 06:10 - 2014-01-03 06:10 - 00037376 _____ C:\Windows\System32\hdwugou.gwn
    2014-01-03 06:10 - 2014-01-03 06:00 - 00000102 _____ C:\Windows\System32\pquzlpm.ghc
    2014-01-03 06:00 - 2014-01-03 06:00 - 00000064 _____ C:\Windows\System32\lcxtcd.vbk
    2014-01-03 05:43 - 2014-01-03 05:43 - 00219314 ____S C:\Windows\System32\nxtqz.mbz
     

     

     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
     
     
    On Vista or Windows 7: Now please enter System Recovery Options.
     
    On Windows XP: Now please boot into the PE (Preinstallation Environment) disk.
     
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will generate a log on the flash drive (Fixlog.txt); please post it in your reply.
     
     
     
    Step 2
     
     
    While still in FRST, type rpcss.dll in the search box and press Search File(s).  It will make a log named search.txt in the same location as FRST.  Please also post this log.
     
    etavares

     


    Edited by etavares, 09 January 2014 - 08:52 PM.


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #6 Spell_Blade

    • Topic Starter


    Posted 09 January 2014 - 09:25 PM

    I'll take care of this first thing in the morning, Etavares.  You should have the log immediately afterwards.



    #7 Spell_Blade

    • Topic Starter


    Posted 10 January 2014 - 09:05 AM

    Ran the FRST with the fixlist.txt as you instructed.  Searched for the rpcss.dll as well.

     

    Now, when I try to boot the computer normally, I get a black screen with the mouse cursor.  The activity light twitches as if it's trying to do something, but I never make it to my password screen.  I do hope this is merely temporary.

     

    Fixlog:
     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-10 07:42:12 Run:1
    Running from I:\
    Boot Mode: Recovery
    ==============================================
     
    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] - [x]
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
    ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
    2014-01-03 06:10 - 2014-01-03 06:10 - 00037376 _____ C:\Windows\System32\hdwugou.gwn
    2014-01-03 06:10 - 2014-01-03 06:00 - 00000102 _____ C:\Windows\System32\pquzlpm.ghc
    2014-01-03 06:00 - 2014-01-03 06:00 - 00000064 _____ C:\Windows\System32\lcxtcd.vbk
    2014-01-03 05:43 - 2014-01-03 05:43 - 00219314 ____S C:\Windows\System32\nxtqz.mbz
    *****************
     
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk => Moved successfully.
    C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe => Moved successfully.
    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk not found.
    C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe not found.
    C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk => Moved successfully.
    C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe not found.
    C:\Windows\System32\hdwugou.gwn => Moved successfully.
    C:\Windows\System32\pquzlpm.ghc => Moved successfully.
    C:\Windows\System32\lcxtcd.vbk => Moved successfully.
    C:\Windows\System32\nxtqz.mbz => Moved successfully.
     
    ==== End of Fixlog ====
     
    Search.txt:
     
    Farbar Recovery Scan Tool (x64) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-10 07:42:55
    Running from I:\
    Boot Mode: Recovery
     
    ================== Search: "rpcss.dll" ===================
     
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
     
    C:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) D138EBABA83F07A653C07506E1BF747D
     
    X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
     
    X:\Windows\System32\rpcss.dll
    [2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
     
    ====== End Of Search ======


    #8 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts

    Posted 10 January 2014 - 12:37 PM

    Hi,

     

    That's pretty common.  It should be resolved with this.  Please open Notepad and copy/paste the contents of the code box into it.  Save it as fixlist.txt to the flash drive with FRST.

     

    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll

     

    Boot up the computer as before and in FRST press Fix just once.  It will make a log on the flash drive called fixlog.txt.  Post that in your reply.  Also, try to boot normally after that and let me know how that goes as well.

     

    -etavares
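
    The Search.txt in post #7 lists the C:\Windows\System32 copy of rpcss.dll with a different size and MD5 than the WinSxS copy, and the Replace: line above copies the WinSxS file over it. The Python below is an added example, not part of the original thread and not FRST's own logic: it parses that search output and flags System32 files whose MD5 matches no WinSxS copy of the same name on the same drive. The function names and the matching rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Sample input: the rpcss.dll entries copied from the Search.txt in post #7.
SEARCH_TXT = r"""
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0510464 ____A (Microsoft Corporation) D138EBABA83F07A653C07506E1BF747D

X:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

X:\Windows\System32\rpcss.dll
[2009-07-13 16:00] - [2009-07-13 17:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+ \((.*)\) ([0-9A-Fa-f]{32})$")

def parse_search(text):
    """Return [(path, size, md5)] from the path/metadata line pairs of a search log."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_RE.match(line):
            path = line
        elif path and (m := META_RE.match(line)):
            entries.append((path, int(m.group(1)), m.group(3).upper()))
            path = None
    return entries

def find_mismatches(entries):
    """Flag System32 files whose MD5 matches no WinSxS copy (same drive, same name)."""
    store = defaultdict(set)
    for path, _, md5 in entries:
        if "\\winsxs\\" in path.lower():
            store[(path[0].upper(), path.rsplit("\\", 1)[1].lower())].add(md5)
    flagged = []
    for path, size, md5 in entries:
        low = path.lower()
        if "\\windows\\system32\\" in low:
            known = store.get((path[0].upper(), low.rsplit("\\", 1)[1]))
            # Only judge files that have at least one store copy to compare against.
            if known and md5 not in known:
                flagged.append((path, size, md5))
    return flagged

if __name__ == "__main__":
    for path, size, md5 in find_mismatches(parse_search(SEARCH_TXT)):
        print(f"MISMATCH {path} size={size} md5={md5}")
```

    A mismatch only means the live file differs from every component-store copy that the search listed; a file serviced by an update can legitimately differ from an older WinSxS version, so the result is a reason to inspect the file, not a verdict.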



     


    #9 Spell_Blade


    Posted 10 January 2014 - 01:34 PM

    Yes!  My baby is back up and running.  Even better, I'm not seeing the "Name Not Available" in the mixer and I'm not hearing the unwanted ads.  My poor baby still seems a bit sluggish, though.  I'm sure, however, that we still have some work to do.

    Fixlog:

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-10 12:21:10 Run:2
    Running from I:\
    Boot Mode: Recovery
    ==============================================
     
    Content of fixlist:
    *****************
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
    *****************
     
    C:\Windows\System32\rpcss.dll => Moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
     
    ==== End of Fixlog ====
     
     
     
    What's next, good sir?


    #10 etavares


    Posted 10 January 2014 - 02:04 PM

    Hello, Spell_Blade.

     

    Looking better.  We'll run a couple of scans to confirm we've got everything.  If these look good, we'll update a few programs with known security holes and see if we can't improve the responsiveness.

     

     
    Step 1
     
    Please download Malwarebytes Anti-Malware and save it to your desktop.
     
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
    • Make sure you are connected to the Internet.
    • Double-click on mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
        • Update Malwarebytes' Anti-Malware
        • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
        • Make sure the "Perform Quick Scan" option is selected.
        • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen:
        • Click on the Show Results button to see a list of any malware that was found.
        • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
    • Exit MBAM when done.
    • Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
     
     
     
    Step 2
     
    I'd like us to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    • Click the esetOnline.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
    • Check esetAcceptTerms.png
    • Click the esetStart.png button.
    • Accept any security warnings from your browser.
    • Check esetScanArchives.png
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push esetListThreats.png
    • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the esetBack.png button.
    • Push esetFinish.png
    etavares


     


    #11 Spell_Blade


    Posted 10 January 2014 - 02:49 PM

    It seems to default to "Remove Found Threats."  Do I leave this checked as well as ticking the other box?



    #12 etavares


    Posted 10 January 2014 - 03:29 PM

    Best to uncheck "remove found threats" to be safe.  If it finds something we'll delete it manually if it's malicious.

     

    -etavares



     


    #13 Spell_Blade


    Posted 10 January 2014 - 05:06 PM

    Ran MalwareBytes.  No threats found.  Running ESET now.  It's been scanning over an hour and it's only 23% at the moment, but it's already detected Win64/Patched.H.trojan.

     

    Wanted to give you a heads-up while you wait.  The ESET is going to take a while.

     

    Malwarebytes Log:

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
     
    Database version: v2014.01.10.06
     
    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Mishaela :: SEPHIROTH [administrator]
     
    1/10/2014 1:25:15 PM
    mbam-log-2014-01-10 (13-25-15).txt
     
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 252829
    Time elapsed: 6 minute(s), 49 second(s)
     
    Memory Processes Detected: 0
    (No malicious items detected)
     
    Memory Modules Detected: 0
    (No malicious items detected)
     
    Registry Keys Detected: 0
    (No malicious items detected)
     
    Registry Values Detected: 0
    (No malicious items detected)
     
    Registry Data Items Detected: 0
    (No malicious items detected)
     
    Folders Detected: 0
    (No malicious items detected)
     
    Files Detected: 0
    (No malicious items detected)
     
    (end)


    #14 Spell_Blade


    Posted 10 January 2014 - 10:31 PM

    And yikes.

     

    ESET log:

     

    C:\FRST\Quarantine\rpcss.dll Win64/Patched.H trojan

    E:\Users\Mish\AppData\Local\tnppbh\pmrlsysguard.exe Win32/Adware.SpyProtector.N application
    E:\Users\Mish\Desktop\Downloaded Programs\Magic.ISO.Maker.v5.4_KEYGEN-FFF.zip a variant of Generik.NHFLGBP trojan
    E:\Users\Mish\Jenova\start.exe a variant of Generik.CQDIXFM trojan
    E:\Windows\System32\573315093.dll Win32/Agent.PJR trojan
    E:\Windows\System32\CMlSCJlm.ini Win32/Adware.Virtumonde.NEO application
    E:\Windows\System32\kdyqerqd.ini Win32/Adware.Virtumonde.NEO application
     
    Except for the first, these are all on my slaved in HD.

    Edited by Spell_Blade, 10 January 2014 - 10:34 PM.


    #15 etavares


    Posted 11 January 2014 - 06:30 AM

    Hi Spell_Blade,

     

    I'll give you a warning about cracks and keygens...they are an extremely common vector of serious infections.

     

     

    Step 1

     

    We should remove the ones in the slaved hard drive.

     

    Open Notepad, copy/paste the lines below in the code box and save this as fixlist.txt to your desktop.  Move FRST from the flash drive to your desktop...no need to boot into the recovery environment, we can do this from within Windows at this point.

    E:\Users\Mish\AppData\Local\tnppbh\pmrlsysguard.exe
    E:\Users\Mish\Desktop\Downloaded Programs\Magic.ISO.Maker.v5.4_KEYGEN-FFF.zip
    E:\Users\Mish\Jenova\start.exe
    E:\Windows\System32\573315093.dll
    E:\Windows\System32\CMlSCJlm.ini
    E:\Windows\System32\kdyqerqd.ini

    Open FRST, and click Fix just once.  Please post the resulting log.

     

     

     

    Step 2

     

    Adobe no longer updates Adobe Reader 9 after June.  Please go to add/remove programs and uninstall Adobe Reader 9.5.5.  Go to http://get.adobe.com/reader/ , UNCHECK the box for Optional Offer for McAfee Security Scan before downloading, and install Adobe Reader XI if you still wish to have it.  Poisoned PDFs are a common way to get a virus, so this is important.

     

    Step 3

     

    You have an outdated version of 32bit Java installed.  This is a security hole as well.  Please go to add/remove programs and uninstall Java™ 6 Update 29.  You do have the most recent version of 64 bit Java installed.  If you modified your IE shortcut to use the 64 bit version, just uninstall that.  If you did not change the shortcut, please go to http://www.java.com and download Java 7 Update 45 for 32bit and install that.

     

    Step 4

    Please open FRST on your desktop, click Scan and post the resulting log here for me to verify everything is OK.  Is your computer running good at this point?

     

    -etavares


    Edited by etavares, 11 January 2014 - 06:34 AM.
    cut out half the post when clicked Post.


     




