
Rootkit? Random Audio Playing from speakers with no apps running


  • This topic is locked
20 replies to this topic

#1 trek8500xtr

trek8500xtr

  • Members
  • 38 posts

Posted 06 January 2014 - 12:25 PM

I have a laptop that since this weekend has random audio playing from the speakers anytime it is connected to the internet. There appear to be no applications running in the background. It only plays when connected to the internet. Under "Volume Mixer" I see a "Name Not Available" that seems to be the source of the audio. Neither MBAM nor Kaspersky TDSS found anything at all. I have a current DDS log and a GMER log if you would like to see them.

 

I've inspected all of the startup items and all running processes and can't spot the culprit.  In searching around on BleepingComputer it seems a few others have had the same thing in the last couple of weeks and that it was a rootkit.

 

Thanks in advance for the help.





#2 trek8500xtr

trek8500xtr
  • Topic Starter

  • Members
  • 38 posts

Posted 06 January 2014 - 12:31 PM

The audio seems to be mostly randomly selected commercials with it being about 50/50 English and Spanish. It does happen both at home and at the office 70 miles away, so I don't think it's interference from a local tower, etc...



#3 trek8500xtr

trek8500xtr
  • Topic Starter

  • Members
  • 38 posts

Posted 06 January 2014 - 12:32 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7601.17514
Run by jworks at 11:12:14 on 2014-01-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3067.1269 [GMT -6:00]
.
AV: ESET Endpoint Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Endpoint Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
C:\Program Files\Corex\CardScan\System\CSyncCfg.exe
C:\Program Files\Shoreline Communications\ShoreWare Client\ShoreTel.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Citrix\Receiver\Receiver.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.impactweather.com/
BHO: TFPUPWDBankBHO Class: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - c:\program files\toshiba\tfpu\TFPUPWDBankBHO.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [CardScan AutoSync] "c:\program files\corex\cardscan\system\CSyncCfg.exe" /background
uRun: [ShoreTel Personal Call Manager] c:\program files\shoreline communications\shoreware client\ShoreTel.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFPUPWDBankService] c:\program files\toshiba\tfpu\TFPUPWDBank.exe /start
mRun: [TFPUService] c:\program files\toshiba\tfpu\TFPUTaskMonitor.exe /start
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [egui] "c:\program files\eset\eset endpoint antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\users\jworks\appdata\roaming\micros~1\windows\startm~1\programs\startup\fastst~1.lnk - c:\program files\faststone capture\FSCapture.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://tanaitmgt1:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://tanaitmgt1:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.1.205 192.168.1.206 127.0.0.1
TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9} : DHCPNameServer = 207.70.128.209 207.70.172.13
TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9}\36F6269616E65647D22616379636 : DHCPNameServer = 10.42.0.1
TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9}\4514E414 : DHCPNameServer = 192.168.1.205 192.168.1.206 192.168.1.31 192.168.1.37
TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9}\472747022716E63686 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9}\74C6F62616C6355796475675962756C6563737 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9}\C4563686E656270277962756C656373702E6564777F627B6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F25050F2-409F-435F-9638-B060D9EB73DA} : DHCPNameServer = 192.168.1.205 192.168.1.206 127.0.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
AppInit_DLLs= c:\progra~1\citrix\icacli~1\RSHook.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-4-25 67960]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2013-2-4 175288]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-6-17 2043712]
R2 ekrn;ESET Service;c:\program files\eset\eset endpoint antivirus\ekrn.exe [2013-2-14 1020304]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2013-2-4 108344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-28 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-28 701512]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-9-28 1589152]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-6-17 677320]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2011-6-1 221912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-28 22856]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 staccel;staccel;c:\windows\system32\drivers\staccel.sys [2012-9-4 32864]
S1 CorexCardScan;CardScan USB Scanner;c:\windows\system32\drivers\slcorex.sys [2004-8-14 8448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 PPNT;PPNT;c:\windows\system32\drivers\ppnt.sys [2004-8-14 13824]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-5-4 266408]
S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset endpoint antivirus\EShaSrv.exe [2013-2-14 183944]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-4-26 45056]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-4-30 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2014-01-06 15:39:48 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-06 15:30:48 98816 ----a-w- c:\windows\sed.exe
2014-01-06 15:30:48 256000 ----a-w- c:\windows\PEV.exe
2014-01-06 15:30:48 208896 ----a-w- c:\windows\MBR.exe
2014-01-06 15:18:43 -------- d-----w- c:\program files\Defraggler
2014-01-04 11:35:31 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{602fd87f-bb4e-405c-bfe4-bc6fb4261d3e}\offreg.dll
2014-01-04 11:34:33 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{602fd87f-bb4e-405c-bfe4-bc6fb4261d3e}\mpengine.dll
2013-12-09 20:36:01 -------- d-----w- C:\IADirect_v213
.
==================== Find3M  ====================
.
2014-01-06 16:09:59 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys.bak
2013-11-26 18:25:54 230048 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 11:12:40.94 ===============
 




#4 trek8500xtr

trek8500xtr
  • Topic Starter

  • Members
  • 38 posts

Posted 06 January 2014 - 03:05 PM

I wanted to add that it just started playing audio after a reboot at the logon screen before any accounts had logged in.  Windows 7 Pro.



#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 08 January 2014 - 08:55 PM

Hello, trek8500xtr.
My name is etavares and I will be helping you with this log.
 
Here are some guidelines to ensure we are able to get your machine back under your control.
 
  • Please do not run any unsupervised scans, fixes, etc.  We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so.  Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned.  Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first.  There's no harm in asking questions!

Step 1

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt

Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

etavares

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#6 trek8500xtr

trek8500xtr
  • Topic Starter

  • Members
  • 38 posts

Posted 09 January 2014 - 11:18 AM

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014 01
    Ran by SYSTEM on MININT-FIP3BBN on 09-01-2014 10:12:19
    Running from F:\
    Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery
     
    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [000StTHK] - C:\Windows\System32\000StTHK.exe [24576 2001-06-23] ()
    HKLM\...\Run: [TFPUPWDBankService] - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [888752 2010-03-02] (TOSHIBA)
    HKLM\...\Run: [TFPUService] - C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [784304 2010-03-02] (TOSHIBA)
    HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
    HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [3158584 2013-02-14] (ESET)
    HKU\jworks\...\Run: [CardScan AutoSync] - C:\Program Files\Corex\CardScan\System\CSyncCfg.exe [ 2004-08-14] (Corex Technologies Corp.)
    HKU\jworks\...\Run: [ShoreTel Personal Call Manager] - C:\Program Files\Shoreline Communications\ShoreWare Client\ShoreTel.exe [ 2013-04-16] (ShoreTel Inc.)
    AppInit_DLLs: C:\Program Files\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
    Startup: C:\Users\jworks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
    ShortcutTarget: FastStone Capture.lnk -> C:\Program Files\FastStone Capture\FSCapture.exe (FastStone Soft)
     
    ========================== Services (Whitelisted) =================
     
    S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
    S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [2043712 2010-06-17] (AuthenTec, Inc.)
    S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [33136 2013-02-14] (ESET)
    S2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [1020304 2013-02-14] (ESET)
    S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [183944 2013-02-14] (ESET)
    S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)
     
    ==================== Drivers (Whitelisted) ====================
     
    S1 CorexCardScan; C:\Windows\System32\drivers\slcorex.sys [8448 2004-08-14] (CYPRESS Corporation)
    S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [175288 2013-02-04] (ESET)
    S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [124848 2013-02-04] (ESET)
    S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [108344 2013-02-04] (ESET)
    S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-04-13] (Microsoft Corporation)
    S2 PAR1284; C:\Windows\system32\Drivers\PAR1284.SYS [54792 2004-08-14] (Warp Nine Engineering)
    S2 PPNT; C:\Windows\system32\Drivers\PPNT.SYS [13824 2004-08-14] (Corex Technologies Corp.)
    S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [45056 2011-04-26] (REDC)
    S3 staccel; C:\Windows\System32\DRIVERS\staccel.sys [32864 2012-09-04] (ShoreTel, Inc)
    S3 catchme; \??\C:\Users\jworks\AppData\Local\Temp\catchme.sys [x]
    S3 TrueSight; \??\ [x]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-01-09 10:11 - 2014-01-09 10:11 - 00000000 ____D C:\FRST
    2014-01-06 13:05 - 2014-01-06 13:05 - 00000000 ____D C:\Users\jladmin\AppData\Local\VirtualStore
    2014-01-06 09:12 - 2014-01-06 09:12 - 00016581 _____ C:\Users\jworks\Desktop\attach.txt
    2014-01-06 09:12 - 2014-01-06 09:12 - 00013865 _____ C:\Users\jworks\Desktop\dds.txt
    2014-01-06 09:10 - 2014-01-06 09:10 - 00688992 ____R (Swearware) C:\Users\jworks\Desktop\dds.com
    2014-01-06 08:33 - 2014-01-06 08:33 - 00008531 _____ C:\Users\jworks\Desktop\GMER.log
    2014-01-06 08:17 - 2014-01-06 08:17 - 00377856 _____ C:\Users\jworks\Desktop\wsx9128e.exe
    2014-01-06 08:16 - 2014-01-06 08:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jworks\Desktop\tdsskiller.exe
    2014-01-06 08:11 - 2014-01-06 08:11 - 00001567 _____ C:\Users\jworks\Desktop\RKreport[0]_D_01062014_101121.txt
    2014-01-06 08:10 - 2014-01-06 08:10 - 01383488 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 01293672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00586752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00526952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00311808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00310272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00297040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00246784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00245632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00242688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00183808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00180288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00177152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00175360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00173440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00169320 _____ (TOSHIBA CORPORATION) C:\Windows\System32\Drivers\tosrfbd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00160128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00155136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00153984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00148864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00141904 _____ (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00140160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpdr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00106064 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00104448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00085376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00080768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00079872 _____ (TOSHIBA Corporation.) C:\Windows\System32\Drivers\Tosrfhid.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys.bak
    2014-01-06 08:05 - 2014-01-06 08:11 - 00000000 ____D C:\Users\jworks\Desktop\RK_Quarantine
    2014-01-06 08:01 - 2014-01-06 08:01 - 03810304 _____ C:\Users\jworks\Desktop\RogueKiller.exe
    2014-01-06 08:01 - 2014-01-06 08:01 - 01233962 _____ C:\Users\jworks\Desktop\adwcleaner.exe
    2014-01-06 07:44 - 2014-01-06 07:44 - 00013229 _____ C:\ComboFix.txt
    2014-01-06 07:39 - 2014-01-07 11:35 - 00001176 _____ C:\Windows\setupact.log
    2014-01-06 07:39 - 2014-01-06 07:39 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-06 07:38 - 2014-01-06 07:38 - 00000540 _____ C:\Windows\PFRO.log
    2014-01-06 07:30 - 2014-01-06 07:44 - 00000000 ____D C:\Qoobox
    2014-01-06 07:30 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
    2014-01-06 07:30 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
    2014-01-06 07:30 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-01-06 07:30 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-01-06 07:30 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-01-06 07:30 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
    2014-01-06 07:30 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
    2014-01-06 07:30 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
    2014-01-06 07:29 - 2014-01-06 07:43 - 00000000 ____D C:\Windows\erdnt
    2014-01-06 07:28 - 2014-01-06 07:29 - 05160001 ____R (Swearware) C:\Users\jworks\Desktop\ComboFix.exe
    2014-01-06 07:18 - 2014-01-06 07:18 - 00000000 ____D C:\Program Files\Defraggler
    2014-01-04 09:06 - 2014-01-04 09:06 - 00024396 _____ C:\Users\jworks\Documents\MWD Surveys 0-12594.txt
    2014-01-04 06:25 - 2014-01-04 06:25 - 00028672 _____ C:\Windows\System32\lttoc.sly
    2014-01-04 06:15 - 2014-01-07 12:19 - 00000083 _____ C:\Windows\System32\yvfsprg.gei
    2014-01-04 06:15 - 2014-01-04 06:25 - 00000099 _____ C:\Windows\System32\mfcbun.klv
    2014-01-04 06:15 - 2014-01-04 06:15 - 00000064 _____ C:\Windows\System32\fnqhqd.fip
    2014-01-04 05:59 - 2014-01-04 05:59 - 00101213 ____S C:\Windows\System32\oxqvi.nqi
    2014-01-03 09:14 - 2014-01-03 09:14 - 00280064 _____ C:\Users\jworks\Documents\WBD Symbols.xls
    2014-01-03 04:10 - 2014-01-04 04:05 - 00388647 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (Autosaved).xlsx
    2014-01-02 08:53 - 2014-01-02 09:27 - 00054272 _____ C:\Users\jworks\Documents\2014_Renewal Request - Energy Package - Schedule of Projected Drilling WO.xls
    2014-01-02 07:17 - 2014-01-02 07:17 - 00081889 _____ C:\Users\jworks\Documents\Copy of VR 284 #1 Composite (4).xlsx
    2014-01-02 06:58 - 2014-01-02 06:58 - 00081908 _____ C:\Users\jworks\Documents\Copy of VR 284 #1 Composite (3).xlsx
    2014-01-02 04:06 - 2014-01-02 04:06 - 00114117 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Cost Report.xlsx
    2014-01-02 03:45 - 2014-01-02 03:45 - 00024016 _____ C:\Users\jworks\Documents\MWD Surveys 0-12415.txt
    2014-01-01 04:05 - 2014-01-01 04:05 - 00106000 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Cost Report (20).xlsx
    2013-12-31 18:11 - 2013-12-31 19:10 - 00015462 _____ C:\Users\jworks\Documents\Cost Comparison - WD 59.xlsx
    2013-12-31 18:10 - 2013-12-31 18:29 - 00099807 _____ C:\Users\jworks\Documents\WD 59 #3 Revised cost report.xlsx
    2013-12-31 05:20 - 2013-12-31 05:20 - 00022496 _____ C:\Users\jworks\Documents\MWD Surveys 0-11656.txt
    2013-12-31 04:32 - 2014-01-05 04:09 - 01029053 _____ C:\Users\jworks\Documents\Copy of VR 284#1 Drilling Report (3).xlsx
    2013-12-31 04:22 - 2014-01-04 04:21 - 00125978 _____ C:\Users\jworks\Documents\WD 59 #3 Daily Completion Cost Report.xlsx
    2013-12-25 04:05 - 2014-01-01 04:13 - 00336157 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (3).xlsx
    2013-12-23 04:13 - 2013-12-23 13:03 - 00206284 _____ C:\Users\jworks\Documents\Copy of 9625 in Casing Run_Cement Sheet.xlsx
    2013-12-23 04:05 - 2013-12-24 04:08 - 00200516 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (2).xlsx
    2013-12-18 14:03 - 2014-01-04 05:04 - 00730840 _____ C:\Users\jworks\Desktop\WD 59 #3 COMPLETION FORECAST.xlsx
    2013-12-18 11:21 - 2013-12-18 11:21 - 00020786 _____ C:\Users\jworks\Documents\MWD Surveys 0-10892.txt
    2013-12-18 09:21 - 2013-12-18 09:21 - 00014610 _____ C:\Users\jworks\Documents\Avalon Pricing.xlsx
    2013-12-18 07:13 - 2013-12-18 07:13 - 00178176 _____ C:\Users\jworks\Documents\WD 59 #3 Forward Work Planner (Rev 12-18-13).xls
    2013-12-18 07:04 - 2013-12-18 07:04 - 00177664 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Forward Work Planner - Initial (2).xls
    2013-12-15 04:14 - 2014-01-05 04:44 - 00422152 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report.xlsx
    2013-12-14 04:19 - 2014-01-05 04:45 - 00406217 _____ C:\Users\jworks\Documents\WD 59 #3 Daily Completion Report.xlsx
    2013-12-11 21:32 - 2013-12-11 21:34 - 00005703 _____ C:\Users\jworks\Documents\2013-12-11 WD59Well3 RT Data BHI RCI.xlsx.csv
    2013-12-11 04:27 - 2013-12-13 04:28 - 01423728 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Drilling Report.xlsx
    2013-12-10 14:29 - 2013-12-10 14:29 - 00002130 _____ C:\Users\Public\Desktop\Google Earth.lnk
    2013-12-10 14:04 - 2013-12-10 14:04 - 77492187 _____ C:\Users\jworks\Documents\Christmas Party 2013.pptx
    2013-12-10 04:20 - 2014-01-04 04:24 - 01011351 _____ C:\Users\jworks\Documents\Copy of VR 284#1 Drilling Report.xlsx
     
    ==================== One Month Modified Files and Folders =======
     
    2014-01-09 10:11 - 2014-01-09 10:11 - 00000000 ____D C:\FRST
    2014-01-07 13:20 - 2011-06-02 12:59 - 01260979 _____ C:\Windows\WindowsUpdate.log
    2014-01-07 12:19 - 2014-01-04 06:15 - 00000083 _____ C:\Windows\System32\yvfsprg.gei
    2014-01-07 11:48 - 2011-06-05 08:16 - 00000128 _____ C:\Windows\System32\config\netlogon.ftl
    2014-01-07 11:44 - 2009-07-13 20:34 - 00022416 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-07 11:44 - 2009-07-13 20:34 - 00022416 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-07 11:35 - 2014-01-06 07:39 - 00001176 _____ C:\Windows\setupact.log
    2014-01-07 11:35 - 2011-06-01 08:42 - 00006442 __RSH C:\ProgramData\ntuser.pol
    2014-01-06 23:28 - 2010-11-20 13:01 - 00796652 _____ C:\Windows\System32\PerfStringBackup.INI
    2014-01-06 13:05 - 2014-01-06 13:05 - 00000000 ____D C:\Users\jladmin\AppData\Local\VirtualStore
    2014-01-06 13:05 - 2013-05-22 06:07 - 00000820 __RSH C:\Users\jladmin\ntuser.pol
    2014-01-06 13:05 - 2013-05-22 06:07 - 00000000 ____D C:\users\jladmin
    2014-01-06 10:34 - 2011-06-06 08:51 - 00000000 ____D C:\Users\jworks\Documents\Outlook Personal Folders
    2014-01-06 10:03 - 2011-06-06 08:13 - 30604800 _____ C:\Users\jworks\Documents\Master Contact List.cdb
    2014-01-06 09:12 - 2014-01-06 09:12 - 00016581 _____ C:\Users\jworks\Desktop\attach.txt
    2014-01-06 09:12 - 2014-01-06 09:12 - 00013865 _____ C:\Users\jworks\Desktop\dds.txt
    2014-01-06 09:10 - 2014-01-06 09:10 - 00688992 ____R (Swearware) C:\Users\jworks\Desktop\dds.com
    2014-01-06 08:33 - 2014-01-06 08:33 - 00008531 _____ C:\Users\jworks\Desktop\GMER.log
    2014-01-06 08:21 - 2013-06-01 11:51 - 00000000 ____D C:\Users\jworks\AppData\Local\CrashDumps
    2014-01-06 08:17 - 2014-01-06 08:17 - 00377856 _____ C:\Users\jworks\Desktop\wsx9128e.exe
    2014-01-06 08:16 - 2014-01-06 08:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jworks\Desktop\tdsskiller.exe
    2014-01-06 08:11 - 2014-01-06 08:11 - 00001567 _____ C:\Users\jworks\Desktop\RKreport[0]_D_01062014_101121.txt
    2014-01-06 08:11 - 2014-01-06 08:05 - 00000000 ____D C:\Users\jworks\Desktop\RK_Quarantine
    2014-01-06 08:10 - 2014-01-06 08:10 - 01383488 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 01293672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00586752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00526952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00311808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00310272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00297040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00246784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00245632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00242688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00183808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00180288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00177152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00175360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00173440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00169320 _____ (TOSHIBA CORPORATION) C:\Windows\System32\Drivers\tosrfbd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00160128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00155136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00153984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00148864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00141904 _____ (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00140160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpdr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00106064 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00104448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00085376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00080768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00079872 _____ (TOSHIBA Corporation.) C:\Windows\System32\Drivers\Tosrfhid.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00078848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00077888 _____ (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00075264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00074752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00071168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00069664 _____ (O2Micro) C:\Windows\System32\Drivers\oz776.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00069480 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosrfcom.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ohci1394.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00061168 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\TosRfSnd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00057424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00056176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00055888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00054792 _____ (Warp Nine Engineering) C:\Windows\System32\Drivers\par1284.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\VIAAGP.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\viac7.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\SISAGP.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00049400 _____ (TOSHIBA CORPORATION) C:\Windows\System32\Drivers\tosrfusb.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00048128 _____ (REDC) C:\Windows\System32\Drivers\rimmptsk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00047720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00046984 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosporte.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00045056 _____ (REDC) C:\Windows\System32\Drivers\rixdpe86.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00045056 _____ (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00044544 _____ (REDC) C:\Windows\System32\Drivers\rimsptsk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00043392 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winhv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00043088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00042560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00042472 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosrfbnp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00040936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\point32.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00040704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmstorfl.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00040016 _____ (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00038400 _____ (REDC) C:\Windows\System32\Drivers\rixdptsk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00035968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00032864 _____ (ShoreTel, Inc) C:\Windows\System32\Drivers\staccel.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00032832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00028032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storvsc.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00027264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vgapnp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vga.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021608 _____ (TOSHIBA Corporation.) C:\Windows\System32\Drivers\tosrfnds.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021072 _____ (Promise Technology) C:\Windows\System32\Drivers\stexstor.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WSDPrint.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\VMBusHID.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00016976 _____ (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00016768 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\TVALZ.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00015216 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosrfec.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00013824 _____ (Corex Technologies Corp.) C:\Windows\System32\Drivers\ppnt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00013120 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\Thpevm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011520 _____ (Western Digital Technologies) C:\Windows\System32\Drivers\wdcsam.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwf.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00009608 _____ (TOSHIBA Corporation.) C:\Windows\System32\Drivers\Toshidpt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00009216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serscan.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parvdm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008448 _____ (CYPRESS Corporation) C:\Windows\System32\Drivers\slcorex.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPREFMP.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00005888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vms3cap.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00001523 _____ C:\Users\jworks\Desktop\RKreport[0]_S_01062014_101032.txt
    2014-01-06 08:10 - 2014-01-06 08:09 - 00267264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 09814528 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 06755840 _____ (Intel Corporation) C:\Windows\System32\Drivers\NETw5s32.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 03100160 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\evbdx.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 01211752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 01161760 _____ (LSI Corporation) C:\Windows\System32\Drivers\AGRSM.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00728424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00712048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00677320 _____ (AuthenTec, Inc.) C:\Windows\System32\Drivers\ATSwpWDF.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00513536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00453712 _____ (Emulex) C:\Windows\System32\Drivers\elxstor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00433176 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00430080 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbdx.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00422976 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adp94xx.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00393728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00388096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\csc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00369336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00332160 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00304128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00297552 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpahci.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00274304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00272128 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerId.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00266408 _____ (Intel Corporation) C:\Windows\System32\Drivers\e1k6232.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00240496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00235584 _____ (LSI Corporation, Inc.) C:\Windows\System32\Drivers\MegaSR.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00233344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00229888 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\b57nd60x.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00225328 _____ (Alps Electric Co., Ltd.) C:\Windows\System32\Drivers\Apfiltr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00223744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00221912 _____ (Intel Corporation) C:\Windows\System32\Drivers\e1y6232.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00218984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00198208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00196328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00187752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00175288 _____ (ESET) C:\Windows\System32\Drivers\eamonm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00162896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00159312 _____ (AMD Technologies Inc.) C:\Windows\System32\Drivers\amdsbs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00148480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00146512 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpu320.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00143744 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00142336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\exfat.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00140864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00134000 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00132992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00130432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00124848 _____ (ESET) C:\Windows\System32\Drivers\ehdrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00118784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00117120 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00116096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00108344 _____ (ESET) C:\Windows\System32\Drivers\epfwwfpr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00105024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00096848 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_scsi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00095824 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_fc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthpan.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00089168 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00086608 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arcsas.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00080256 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00078336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00078336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bridge.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00078208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00076368 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxg.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00070720 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\djsvs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00067960 _____ (Citrix Systems, Inc.) C:\Windows\System32\Drivers\ctxusbm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00067440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00067152 _____ (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00064624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dc3d.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dmvsc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00062336 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerWdm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00058448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fileinfo.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00057936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\GAGP30KX.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00057424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00055584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00054864 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas2.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394bus.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AMDAGP.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AGP440.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00049728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00046656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00046160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00044624 _____ (IBM Corporation) C:\Windows\System32\Drivers\nfrd960.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00042576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00041552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00041040 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\System32\Drivers\iirsp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidir.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\circlass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00035408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\blbdrive.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthenum.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\discache.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00030800 _____ (LSI Corporation) C:\Windows\System32\Drivers\megasas.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\filetrace.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00027136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00027008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026840 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpata.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026624 _____ (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00025168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fdc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022400 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crcdisk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00021784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nuidfltr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00021584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbatt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\flpydisk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00019824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\compbatt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\asyncmac.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00015952 _____ (CMD Technology, Inc.) C:\Windows\System32\Drivers\cmdide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00015424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014400 _____ (Acer Laboratories Inc.) C:\Windows\System32\Drivers\aliide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CmBatt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013568 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltLo.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxapi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00012904 _____ (UVNC BVBA) C:\Windows\System32\Drivers\mv2.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\MTConfig.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00012160 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbMdm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00011904 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbSer.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00008320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\errdev.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005248 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltUp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys.bak
    2014-01-06 08:01 - 2014-01-06 08:01 - 03810304 _____ C:\Users\jworks\Desktop\RogueKiller.exe
    2014-01-06 08:01 - 2014-01-06 08:01 - 01233962 _____ C:\Users\jworks\Desktop\adwcleaner.exe
    2014-01-06 07:44 - 2014-01-06 07:44 - 00013229 _____ C:\ComboFix.txt
    2014-01-06 07:44 - 2014-01-06 07:30 - 00000000 ____D C:\Qoobox
    2014-01-06 07:44 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
    2014-01-06 07:43 - 2014-01-06 07:29 - 00000000 ____D C:\Windows\erdnt
    2014-01-06 07:40 - 2009-07-13 18:03 - 56360960 _____ C:\Windows\System32\config\SOFTWARE.bak
    2014-01-06 07:40 - 2009-07-13 18:03 - 21495808 _____ C:\Windows\System32\config\SYSTEM.bak
    2014-01-06 07:40 - 2009-07-13 18:03 - 00786432 _____ C:\Windows\System32\config\DEFAULT.bak
    2014-01-06 07:40 - 2009-07-13 18:03 - 00262144 _____ C:\Windows\System32\config\SECURITY.bak
    2014-01-06 07:40 - 2009-07-13 18:03 - 00262144 _____ C:\Windows\System32\config\SAM.bak
    2014-01-06 07:39 - 2014-01-06 07:39 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-06 07:39 - 2011-06-05 08:19 - 00000000 ____D C:\users\jworks
    2014-01-06 07:39 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini
    2014-01-06 07:38 - 2014-01-06 07:38 - 00000540 _____ C:\Windows\PFRO.log
    2014-01-06 07:29 - 2014-01-06 07:28 - 05160001 ____R (Swearware) C:\Users\jworks\Desktop\ComboFix.exe
    2014-01-06 07:18 - 2014-01-06 07:18 - 00000000 ____D C:\Program Files\Defraggler
    2014-01-06 07:14 - 2013-05-29 05:36 - 00000000 ____D C:\Program Files\PDFCreator
    2014-01-06 07:13 - 2013-05-28 11:40 - 00000000 ____D C:\Program Files\CCleaner
    2014-01-05 04:45 - 2013-12-14 04:19 - 00406217 _____ C:\Users\jworks\Documents\WD 59 #3 Daily Completion Report.xlsx
    2014-01-05 04:44 - 2013-12-15 04:14 - 00422152 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report.xlsx
    2014-01-05 04:10 - 2013-11-11 04:00 - 01033262 _____ C:\Users\jworks\Documents\VR 284#1 Drilling Report.xlsx
    2014-01-05 04:09 - 2013-12-31 04:32 - 01029053 _____ C:\Users\jworks\Documents\Copy of VR 284#1 Drilling Report (3).xlsx
    2014-01-04 10:15 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\twain_32
    2014-01-04 09:06 - 2014-01-04 09:06 - 00024396 _____ C:\Users\jworks\Documents\MWD Surveys 0-12594.txt
    2014-01-04 06:25 - 2014-01-04 06:25 - 00028672 _____ C:\Windows\System32\lttoc.sly
    2014-01-04 06:25 - 2014-01-04 06:15 - 00000099 _____ C:\Windows\System32\mfcbun.klv
    2014-01-04 06:15 - 2014-01-04 06:15 - 00000064 _____ C:\Windows\System32\fnqhqd.fip
    2014-01-04 05:59 - 2014-01-04 05:59 - 00101213 ____S C:\Windows\System32\oxqvi.nqi
    2014-01-04 05:04 - 2013-12-18 14:03 - 00730840 _____ C:\Users\jworks\Desktop\WD 59 #3 COMPLETION FORECAST.xlsx
    2014-01-04 04:24 - 2013-12-10 04:20 - 01011351 _____ C:\Users\jworks\Documents\Copy of VR 284#1 Drilling Report.xlsx
    2014-01-04 04:21 - 2013-12-31 04:22 - 00125978 _____ C:\Users\jworks\Documents\WD 59 #3 Daily Completion Cost Report.xlsx
    2014-01-04 04:05 - 2014-01-03 04:10 - 00388647 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (Autosaved).xlsx
    2014-01-03 09:14 - 2014-01-03 09:14 - 00280064 _____ C:\Users\jworks\Documents\WBD Symbols.xls
    2014-01-03 08:47 - 2011-06-06 08:13 - 36846080 _____ C:\Users\jworks\Documents\Secondary Contact List.cdb
    2014-01-02 09:27 - 2014-01-02 08:53 - 00054272 _____ C:\Users\jworks\Documents\2014_Renewal Request - Energy Package - Schedule of Projected Drilling WO.xls
    2014-01-02 07:26 - 2013-11-15 06:00 - 00082785 _____ C:\Users\jworks\Documents\VR 284 #1 Composite.xlsx
    2014-01-02 07:17 - 2014-01-02 07:17 - 00081889 _____ C:\Users\jworks\Documents\Copy of VR 284 #1 Composite (4).xlsx
    2014-01-02 06:58 - 2014-01-02 06:58 - 00081908 _____ C:\Users\jworks\Documents\Copy of VR 284 #1 Composite (3).xlsx
    2014-01-02 04:17 - 2013-11-11 04:04 - 00251085 _____ C:\Users\jworks\Documents\VR 284 #1 Cost Report.xlsx
    2014-01-02 04:06 - 2014-01-02 04:06 - 00114117 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Cost Report.xlsx
    2014-01-02 04:04 - 2013-12-09 06:24 - 01680446 _____ C:\Users\jworks\Desktop\VR 284 Operations File.xlsx
    2014-01-02 03:45 - 2014-01-02 03:45 - 00024016 _____ C:\Users\jworks\Documents\MWD Surveys 0-12415.txt
    2014-01-01 04:13 - 2013-12-25 04:05 - 00336157 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (3).xlsx
    2014-01-01 04:05 - 2014-01-01 04:05 - 00106000 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Cost Report (20).xlsx
    2013-12-31 19:10 - 2013-12-31 18:11 - 00015462 _____ C:\Users\jworks\Documents\Cost Comparison - WD 59.xlsx
    2013-12-31 18:29 - 2013-12-31 18:10 - 00099807 _____ C:\Users\jworks\Documents\WD 59 #3 Revised cost report.xlsx
    2013-12-31 05:20 - 2013-12-31 05:20 - 00022496 _____ C:\Users\jworks\Documents\MWD Surveys 0-11656.txt
    2013-12-30 07:32 - 2011-06-06 08:13 - 01205760 _____ C:\Users\jworks\Documents\Master Phone List.xls
    2013-12-27 06:04 - 2011-06-11 07:29 - 00000000 ____D C:\Users\jworks\Documents\My Scans
    2013-12-27 05:58 - 2011-06-11 07:11 - 00002758 _____ C:\ProgramData\hpzinstall.log
    2013-12-27 05:46 - 2009-07-13 18:04 - 00000513 _____ C:\Windows\win.ini
    2013-12-27 05:45 - 2011-06-11 07:11 - 00218468 _____ C:\Windows\hpwins14.dat
    2013-12-24 04:08 - 2013-12-23 04:05 - 00200516 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (2).xlsx
    2013-12-23 13:03 - 2013-12-23 04:13 - 00206284 _____ C:\Users\jworks\Documents\Copy of 9625 in Casing Run_Cement Sheet.xlsx
    2013-12-18 11:21 - 2013-12-18 11:21 - 00020786 _____ C:\Users\jworks\Documents\MWD Surveys 0-10892.txt
    2013-12-18 09:21 - 2013-12-18 09:21 - 00014610 _____ C:\Users\jworks\Documents\Avalon Pricing.xlsx
    2013-12-18 07:13 - 2013-12-18 07:13 - 00178176 _____ C:\Users\jworks\Documents\WD 59 #3 Forward Work Planner (Rev 12-18-13).xls
    2013-12-18 07:04 - 2013-12-18 07:04 - 00177664 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Forward Work Planner - Initial (2).xls
    2013-12-14 04:09 - 2012-11-28 04:08 - 00000000 ____D C:\Users\jworks\Documents\Rig Reports
    2013-12-13 04:32 - 2013-10-18 03:07 - 01426948 _____ C:\Users\jworks\Documents\WD 59 #3 Drilling Report.xlsx
    2013-12-13 04:28 - 2013-12-11 04:27 - 01423728 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Drilling Report.xlsx
    2013-12-12 11:52 - 2013-12-04 12:15 - 00053760 _____ C:\Users\jworks\Documents\2014_Renewal Request - Energy Package - Schedule of Projected Drilling& WO.xls
    2013-12-12 03:59 - 2013-10-31 02:58 - 00390803 _____ C:\Users\jworks\Documents\WD59 #3 Drilling Cost Report.xlsx
    2013-12-11 21:34 - 2013-12-11 21:32 - 00005703 _____ C:\Users\jworks\Documents\2013-12-11 WD59Well3 RT Data BHI RCI.xlsx.csv
    2013-12-10 14:29 - 2013-12-10 14:29 - 00002130 _____ C:\Users\Public\Desktop\Google Earth.lnk
    2013-12-10 14:04 - 2013-12-10 14:04 - 77492187 _____ C:\Users\jworks\Documents\Christmas Party 2013.pptx
     
    Some content of TEMP:
    ====================
    C:\Users\jworks\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\jworks\AppData\Local\Temp\Quarantine.exe
     
     
    ==================== Known DLLs (Whitelisted) ============
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2010-11-20 13:29] - [2010-11-20 13:29] - 0377344 ____A (Microsoft Corporation) 98E00E443CE8467036C71A7DC9A33CEA
     
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== EXE ASSOCIATION =====================
     
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
     
    ==================== Restore Points  =========================
     
    Restore point made on: 2013-12-04 03:54:07
    Restore point made on: 2013-12-11 09:53:54
    Restore point made on: 2013-12-12 02:05:30
    Restore point made on: 2013-12-19 10:24:30
    Restore point made on: 2013-12-22 02:31:56
    Restore point made on: 2013-12-27 02:31:46
    Restore point made on: 2013-12-31 00:23:14
    Restore point made on: 2014-01-04 03:34:19
    Restore point made on: 2014-01-06 07:22:32
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 13%
    Total physical RAM: 4027.24 MB
    Available physical RAM: 3497.66 MB
    Total Pagefile: 4025.53 MB
    Available Pagefile: 3500.1 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1941.97 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:297.99 GB) (Free:181.82 GB) NTFS
    Drive e: (Oct 31 2013) (CDROM) (Total:0.04 GB) (Free:0 GB) UDF
    Drive f: (PATRIOT) (Removable) (Total:14.91 GB) (Free:14.89 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A0014AA0)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
     
     
    LastRegBack: 2013-12-29 22:28
     
    ==================== End Of Log ============================


    #7 etavares

    • Malware Response Team

    Posted 09 January 2014 - 08:57 PM

    Hello, trek8500xtr.
     
     
    Step 1
     
    Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it, and select Copy. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt
     

    2014-01-04 06:25 - 2014-01-04 06:25 - 00028672 _____ C:\Windows\System32\lttoc.sly
    2014-01-04 06:15 - 2014-01-07 12:19 - 00000083 _____ C:\Windows\System32\yvfsprg.gei
    2014-01-04 06:15 - 2014-01-04 06:25 - 00000099 _____ C:\Windows\System32\mfcbun.klv
    2014-01-04 06:15 - 2014-01-04 06:15 - 00000064 _____ C:\Windows\System32\fnqhqd.fip
    2014-01-04 05:59 - 2014-01-04 05:59 - 00101213 ____S C:\Windows\System32\oxqvi.nqi
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
     
     
    On Vista or Windows 7: Now please enter System Recovery Options.
     
    On Windows XP: Now please boot into the PE (Preinstallation Environment) disk.
     
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will generate a log on the flash drive (Fixlog.txt). Please post it in your reply.
     
     
     
    Step 2
     
     
    While still in FRST, type rpcss.dll in the search box and click Search File(s).  Post the resulting log (search.txt) that will be in the same location as FRST.
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

     


    #8 trek8500xtr

    • Topic Starter


    Posted 10 January 2014 - 10:51 AM

    Fixlog.txt:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-10 09:41:36 Run:1
    Running from F:\
    Boot Mode: Recovery
     
    ==============================================
     
    Content of fixlist:
    *****************
    2014-01-04 06:25 - 2014-01-04 06:25 - 00028672 _____ C:\Windows\System32\lttoc.sly
    2014-01-04 06:15 - 2014-01-07 12:19 - 00000083 _____ C:\Windows\System32\yvfsprg.gei
    2014-01-04 06:15 - 2014-01-04 06:25 - 00000099 _____ C:\Windows\System32\mfcbun.klv
    2014-01-04 06:15 - 2014-01-04 06:15 - 00000064 _____ C:\Windows\System32\fnqhqd.fip
    2014-01-04 05:59 - 2014-01-04 05:59 - 00101213 ____S C:\Windows\System32\oxqvi.nqi
    *****************
     
    C:\Windows\System32\lttoc.sly => Moved successfully.
    C:\Windows\System32\yvfsprg.gei => Moved successfully.
    C:\Windows\System32\mfcbun.klv => Moved successfully.
    C:\Windows\System32\fnqhqd.fip => Moved successfully.
    C:\Windows\System32\oxqvi.nqi => Moved successfully.
     
    ==== End of Fixlog ====
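
One way to double-check a Fixlog like the one above, as an added example (not part of the thread and not FRST's own code): it parses the fixlist entries and the `=>` result lines, lists any entry that lacks a "Moved successfully" result, and reports which traits the listed files share. The trait checks and the `COMMON_EXT` set are assumptions made for illustration, not the helper's selection method.

```python
import re
from pathlib import PureWindowsPath

# FRST file listing: created - modified - size attrs [(company)] path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
# Fixlog result line: <path> => <outcome>
RESULT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<outcome>.+)$")

# Assumption: extensions treated as unremarkable for this triage.
COMMON_EXT = {".dll", ".exe", ".sys", ".com", ".cpl", ".ocx", ".drv",
              ".mui", ".ini", ".log", ".dat", ".nls", ".msc", ".txt"}

# Copied from the Fixlog.txt posted above.
FIXLOG = r"""
Content of fixlist:
*****************
2014-01-04 06:25 - 2014-01-04 06:25 - 00028672 _____ C:\Windows\System32\lttoc.sly
2014-01-04 06:15 - 2014-01-07 12:19 - 00000083 _____ C:\Windows\System32\yvfsprg.gei
2014-01-04 06:15 - 2014-01-04 06:25 - 00000099 _____ C:\Windows\System32\mfcbun.klv
2014-01-04 06:15 - 2014-01-04 06:15 - 00000064 _____ C:\Windows\System32\fnqhqd.fip
2014-01-04 05:59 - 2014-01-04 05:59 - 00101213 ____S C:\Windows\System32\oxqvi.nqi
*****************

C:\Windows\System32\lttoc.sly => Moved successfully.
C:\Windows\System32\yvfsprg.gei => Moved successfully.
C:\Windows\System32\mfcbun.klv => Moved successfully.
C:\Windows\System32\fnqhqd.fip => Moved successfully.
C:\Windows\System32\oxqvi.nqi => Moved successfully.

==== End of Fixlog ====
"""

# Copied from the FRST scan log later on this page, for contrast.
CONTRAST = [
    r"2014-01-06 08:16 - 2014-01-06 08:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jworks\Desktop\tdsskiller.exe",
    r"2014-01-06 09:10 - 2014-01-06 09:10 - 00688992 ____R (Swearware) C:\Users\jworks\Desktop\dds.com",
    r"2014-01-06 09:12 - 2014-01-06 09:12 - 00013865 _____ C:\Users\jworks\Desktop\dds.txt",
]


def parse_entry(line):
    """Split one FRST file-listing line into its fields, or return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    return entry


def parse_fixlog(text):
    """Return (fixlist entries, {lowercased path: outcome}) from a Fixlog."""
    entries, outcomes, in_fixlist = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:      # the ***** rows bracket the fixlist
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            entry = parse_entry(line)
            if entry:
                entries.append(entry)
        else:
            m = RESULT_RE.match(line)
            if m:
                outcomes[m["path"].lower()] = m["outcome"]
    return entries, outcomes


def unconfirmed(entries, outcomes):
    """Paths that were requested in the fixlist but not reported as moved."""
    return [e["path"] for e in entries
            if not outcomes.get(e["path"].lower(), "").startswith("Moved successfully")]


def triage(entry):
    """Assumed traits worth a closer look; an empty list means none apply."""
    path = PureWindowsPath(entry["path"])
    reasons = []
    if not entry["company"]:
        reasons.append("no company name")
    if str(path.parent).lower() == r"c:\windows\system32":
        reasons.append("directly in System32")
    if path.suffix.lower() not in COMMON_EXT:
        reasons.append("unusual extension " + path.suffix.lower())
    return reasons


if __name__ == "__main__":
    entries, outcomes = parse_fixlog(FIXLOG)
    print("not confirmed as moved:", unconfirmed(entries, outcomes))
    for e in entries + [parse_entry(line) for line in CONTRAST]:
        print(e["path"], "->", triage(e) or "nothing notable")
```

A non-empty list from `unconfirmed` means the fix should be reported back to the helper before moving on to the next step.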


    #9 trek8500xtr


    Posted 10 January 2014 - 10:53 AM

    The search for that specific dll didn't result in a search.txt, but it did generate another frst log:

     
     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014 01
    Ran by SYSTEM on MININT-FN3CQ2S on 10-01-2014 09:41:57
    Running from F:\
    Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Recovery
     
    The current controlset is ControlSet001
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
     
     
    ==================== Registry (Whitelisted) ==================
     
    HKLM\...\Run: [000StTHK] - C:\Windows\System32\000StTHK.exe [24576 2001-06-23] ()
    HKLM\...\Run: [TFPUPWDBankService] - C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [888752 2010-03-02] (TOSHIBA)
    HKLM\...\Run: [TFPUService] - C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [784304 2010-03-02] (TOSHIBA)
    HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
    HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [3158584 2013-02-14] (ESET)
    HKU\jworks\...\Run: [CardScan AutoSync] - C:\Program Files\Corex\CardScan\System\CSyncCfg.exe [ 2004-08-14] (Corex Technologies Corp.)
    HKU\jworks\...\Run: [ShoreTel Personal Call Manager] - C:\Program Files\Shoreline Communications\ShoreWare Client\ShoreTel.exe [ 2013-04-16] (ShoreTel Inc.)
    AppInit_DLLs: C:\Program Files\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
    Startup: C:\Users\jworks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk
    ShortcutTarget: FastStone Capture.lnk -> C:\Program Files\FastStone Capture\FSCapture.exe (FastStone Soft)
     
    ========================== Services (Whitelisted) =================
     
    S2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
    S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [2043712 2010-06-17] (AuthenTec, Inc.)
    S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [33136 2013-02-14] (ESET)
    S2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe [1020304 2013-02-14] (ESET)
    S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [183944 2013-02-14] (ESET)
    S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    S2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)
     
    ==================== Drivers (Whitelisted) ====================
     
    S1 CorexCardScan; C:\Windows\System32\drivers\slcorex.sys [8448 2004-08-14] (CYPRESS Corporation)
    S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [175288 2013-02-04] (ESET)
    S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [124848 2013-02-04] (ESET)
    S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [108344 2013-02-04] (ESET)
    S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [69664 2009-09-09] (O2Micro)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
    S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-04-13] (Microsoft Corporation)
    S2 PAR1284; C:\Windows\system32\Drivers\PAR1284.SYS [54792 2004-08-14] (Warp Nine Engineering)
    S2 PPNT; C:\Windows\system32\Drivers\PPNT.SYS [13824 2004-08-14] (Corex Technologies Corp.)
    S3 rixdpcie; C:\Windows\system32\drivers\rixdpe86.sys [45056 2011-04-26] (REDC)
    S3 staccel; C:\Windows\System32\DRIVERS\staccel.sys [32864 2012-09-04] (ShoreTel, Inc)
    S3 catchme; \??\C:\Users\jworks\AppData\Local\Temp\catchme.sys [x]
    S3 TrueSight; \??\ [x]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    ==================== One Month Created Files and Folders ========
     
    2014-01-09 10:11 - 2014-01-09 10:11 - 00000000 ____D C:\FRST
    2014-01-06 13:05 - 2014-01-06 13:05 - 00000000 ____D C:\Users\jladmin\AppData\Local\VirtualStore
    2014-01-06 09:12 - 2014-01-06 09:12 - 00016581 _____ C:\Users\jworks\Desktop\attach.txt
    2014-01-06 09:12 - 2014-01-06 09:12 - 00013865 _____ C:\Users\jworks\Desktop\dds.txt
    2014-01-06 09:10 - 2014-01-06 09:10 - 00688992 ____R (Swearware) C:\Users\jworks\Desktop\dds.com
    2014-01-06 08:33 - 2014-01-06 08:33 - 00008531 _____ C:\Users\jworks\Desktop\GMER.log
    2014-01-06 08:17 - 2014-01-06 08:17 - 00377856 _____ C:\Users\jworks\Desktop\wsx9128e.exe
    2014-01-06 08:16 - 2014-01-06 08:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jworks\Desktop\tdsskiller.exe
    2014-01-06 08:11 - 2014-01-06 08:11 - 00001567 _____ C:\Users\jworks\Desktop\RKreport[0]_D_01062014_101121.txt
    2014-01-06 08:10 - 2014-01-06 08:10 - 01383488 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 01293672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00586752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00526952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00311808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00310272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00297040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00246784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00245632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00242688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00183808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00180288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00177152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00175360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00173440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00169320 _____ (TOSHIBA CORPORATION) C:\Windows\System32\Drivers\tosrfbd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00160128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00155136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00153984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00148864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00141904 _____ (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00140160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpdr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00106064 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00104448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00085376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00080768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00079872 _____ (TOSHIBA Corporation.) C:\Windows\System32\Drivers\Tosrfhid.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00078848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00077888 _____ (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00075264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00074752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00071168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00069664 _____ (O2Micro) C:\Windows\System32\Drivers\oz776.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00069480 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosrfcom.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ohci1394.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00061168 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\TosRfSnd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00057424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00056176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00055888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00054792 _____ (Warp Nine Engineering) C:\Windows\System32\Drivers\par1284.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\VIAAGP.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\viac7.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\SISAGP.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00049400 _____ (TOSHIBA CORPORATION) C:\Windows\System32\Drivers\tosrfusb.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00048128 _____ (REDC) C:\Windows\System32\Drivers\rimmptsk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00047720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00046984 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosporte.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00045056 _____ (REDC) C:\Windows\System32\Drivers\rixdpe86.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00045056 _____ (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00044544 _____ (REDC) C:\Windows\System32\Drivers\rimsptsk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00043392 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winhv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00043088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00042560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00042472 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosrfbnp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00040936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\point32.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00040704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmstorfl.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00040016 _____ (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00038400 _____ (REDC) C:\Windows\System32\Drivers\rixdptsk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00035968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00032864 _____ (ShoreTel, Inc) C:\Windows\System32\Drivers\staccel.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00032832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00028032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storvsc.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00027264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vgapnp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vga.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021608 _____ (TOSHIBA Corporation.) C:\Windows\System32\Drivers\tosrfnds.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021072 _____ (Promise Technology) C:\Windows\System32\Drivers\stexstor.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WSDPrint.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\VMBusHID.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00016976 _____ (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00016768 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\TVALZ.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00015216 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosrfec.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00013824 _____ (Corex Technologies Corp.) C:\Windows\System32\Drivers\ppnt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00013120 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\Thpevm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011520 _____ (Western Digital Technologies) C:\Windows\System32\Drivers\wdcsam.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwf.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00009608 _____ (TOSHIBA Corporation.) C:\Windows\System32\Drivers\Toshidpt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00009216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serscan.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parvdm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008448 _____ (CYPRESS Corporation) C:\Windows\System32\Drivers\slcorex.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPREFMP.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00005888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vms3cap.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00001523 _____ C:\Users\jworks\Desktop\RKreport[0]_S_01062014_101032.txt
    2014-01-06 08:09 - 2014-01-06 08:10 - 00267264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 09814528 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 06755840 _____ (Intel Corporation) C:\Windows\System32\Drivers\NETw5s32.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 03100160 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\evbdx.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 01211752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 01161760 _____ (LSI Corporation) C:\Windows\System32\Drivers\AGRSM.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00728424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00712048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00677320 _____ (AuthenTec, Inc.) C:\Windows\System32\Drivers\ATSwpWDF.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00513536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00453712 _____ (Emulex) C:\Windows\System32\Drivers\elxstor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00433176 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00430080 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbdx.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00422976 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adp94xx.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00393728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00388096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\csc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00369336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00332160 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00304128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00297552 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpahci.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00274304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00272128 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerId.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00266408 _____ (Intel Corporation) C:\Windows\System32\Drivers\e1k6232.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00240496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00235584 _____ (LSI Corporation, Inc.) C:\Windows\System32\Drivers\MegaSR.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00233344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00229888 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\b57nd60x.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00225328 _____ (Alps Electric Co., Ltd.) C:\Windows\System32\Drivers\Apfiltr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00223744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00221912 _____ (Intel Corporation) C:\Windows\System32\Drivers\e1y6232.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00218984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00198208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00196328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00187752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00175288 _____ (ESET) C:\Windows\System32\Drivers\eamonm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00162896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00159312 _____ (AMD Technologies Inc.) C:\Windows\System32\Drivers\amdsbs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00148480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00146512 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpu320.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00143744 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00142336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\exfat.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00140864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00134000 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00132992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00130432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00124848 _____ (ESET) C:\Windows\System32\Drivers\ehdrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00118784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00117120 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00116096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00108344 _____ (ESET) C:\Windows\System32\Drivers\epfwwfpr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00105024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00096848 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_scsi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00095824 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_fc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthpan.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00089168 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00086608 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arcsas.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00080256 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00078336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00078336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bridge.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00078208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00076368 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxg.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00070720 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\djsvs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00067960 _____ (Citrix Systems, Inc.) C:\Windows\System32\Drivers\ctxusbm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00067440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00067152 _____ (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00064624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dc3d.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dmvsc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00062336 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerWdm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00058448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fileinfo.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00057936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\GAGP30KX.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00057424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00055584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00054864 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas2.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394bus.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AMDAGP.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AGP440.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00049728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00046656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00046160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00044624 _____ (IBM Corporation) C:\Windows\System32\Drivers\nfrd960.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00042576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00041552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00041040 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\System32\Drivers\iirsp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidir.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\circlass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00035408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\blbdrive.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthenum.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\discache.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00030800 _____ (LSI Corporation) C:\Windows\System32\Drivers\megasas.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\filetrace.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00027136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00027008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026840 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpata.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026624 _____ (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00025168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fdc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022400 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crcdisk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00021784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nuidfltr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00021584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbatt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\flpydisk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00019824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\compbatt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\asyncmac.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00015952 _____ (CMD Technology, Inc.) C:\Windows\System32\Drivers\cmdide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00015424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014400 _____ (Acer Laboratories Inc.) C:\Windows\System32\Drivers\aliide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CmBatt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013568 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltLo.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxapi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00012904 _____ (UVNC BVBA) C:\Windows\System32\Drivers\mv2.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\MTConfig.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00012160 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbMdm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00011904 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbSer.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00008320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\errdev.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005248 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltUp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys.bak
    2014-01-06 08:05 - 2014-01-06 08:11 - 00000000 ____D C:\Users\jworks\Desktop\RK_Quarantine
    2014-01-06 08:01 - 2014-01-06 08:01 - 03810304 _____ C:\Users\jworks\Desktop\RogueKiller.exe
    2014-01-06 08:01 - 2014-01-06 08:01 - 01233962 _____ C:\Users\jworks\Desktop\adwcleaner.exe
    2014-01-06 07:44 - 2014-01-06 07:44 - 00013229 _____ C:\ComboFix.txt
    2014-01-06 07:39 - 2014-01-09 08:16 - 00001232 _____ C:\Windows\setupact.log
    2014-01-06 07:39 - 2014-01-06 07:39 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-06 07:38 - 2014-01-06 07:38 - 00000540 _____ C:\Windows\PFRO.log
    2014-01-06 07:30 - 2014-01-06 07:44 - 00000000 ____D C:\Qoobox
    2014-01-06 07:30 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
    2014-01-06 07:30 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
    2014-01-06 07:30 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-01-06 07:30 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-01-06 07:30 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-01-06 07:30 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
    2014-01-06 07:30 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
    2014-01-06 07:30 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
    2014-01-06 07:29 - 2014-01-06 07:43 - 00000000 ____D C:\Windows\erdnt
    2014-01-06 07:28 - 2014-01-06 07:29 - 05160001 ____R (Swearware) C:\Users\jworks\Desktop\ComboFix.exe
    2014-01-06 07:18 - 2014-01-06 07:18 - 00000000 ____D C:\Program Files\Defraggler
    2014-01-04 09:06 - 2014-01-04 09:06 - 00024396 _____ C:\Users\jworks\Documents\MWD Surveys 0-12594.txt
    2014-01-03 09:14 - 2014-01-03 09:14 - 00280064 _____ C:\Users\jworks\Documents\WBD Symbols.xls
    2014-01-03 04:10 - 2014-01-04 04:05 - 00388647 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (Autosaved).xlsx
    2014-01-02 08:53 - 2014-01-02 09:27 - 00054272 _____ C:\Users\jworks\Documents\2014_Renewal Request - Energy Package - Schedule of Projected Drilling WO.xls
    2014-01-02 07:17 - 2014-01-02 07:17 - 00081889 _____ C:\Users\jworks\Documents\Copy of VR 284 #1 Composite (4).xlsx
    2014-01-02 06:58 - 2014-01-02 06:58 - 00081908 _____ C:\Users\jworks\Documents\Copy of VR 284 #1 Composite (3).xlsx
    2014-01-02 04:06 - 2014-01-02 04:06 - 00114117 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Cost Report.xlsx
    2014-01-02 03:45 - 2014-01-02 03:45 - 00024016 _____ C:\Users\jworks\Documents\MWD Surveys 0-12415.txt
    2014-01-01 04:05 - 2014-01-01 04:05 - 00106000 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Cost Report (20).xlsx
    2013-12-31 18:11 - 2013-12-31 19:10 - 00015462 _____ C:\Users\jworks\Documents\Cost Comparison - WD 59.xlsx
    2013-12-31 18:10 - 2013-12-31 18:29 - 00099807 _____ C:\Users\jworks\Documents\WD 59 #3 Revised cost report.xlsx
    2013-12-31 05:20 - 2013-12-31 05:20 - 00022496 _____ C:\Users\jworks\Documents\MWD Surveys 0-11656.txt
    2013-12-31 04:32 - 2014-01-05 04:09 - 01029053 _____ C:\Users\jworks\Documents\Copy of VR 284#1 Drilling Report (3).xlsx
    2013-12-31 04:22 - 2014-01-04 04:21 - 00125978 _____ C:\Users\jworks\Documents\WD 59 #3 Daily Completion Cost Report.xlsx
    2013-12-25 04:05 - 2014-01-01 04:13 - 00336157 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (3).xlsx
    2013-12-23 04:13 - 2013-12-23 13:03 - 00206284 _____ C:\Users\jworks\Documents\Copy of 9625 in Casing Run_Cement Sheet.xlsx
    2013-12-23 04:05 - 2013-12-24 04:08 - 00200516 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (2).xlsx
    2013-12-18 14:03 - 2014-01-04 05:04 - 00730840 _____ C:\Users\jworks\Desktop\WD 59 #3 COMPLETION FORECAST.xlsx
    2013-12-18 11:21 - 2013-12-18 11:21 - 00020786 _____ C:\Users\jworks\Documents\MWD Surveys 0-10892.txt
    2013-12-18 09:21 - 2013-12-18 09:21 - 00014610 _____ C:\Users\jworks\Documents\Avalon Pricing.xlsx
    2013-12-18 07:13 - 2013-12-18 07:13 - 00178176 _____ C:\Users\jworks\Documents\WD 59 #3 Forward Work Planner (Rev 12-18-13).xls
    2013-12-18 07:04 - 2013-12-18 07:04 - 00177664 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Forward Work Planner - Initial (2).xls
    2013-12-15 04:14 - 2014-01-05 04:44 - 00422152 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report.xlsx
    2013-12-14 04:19 - 2014-01-05 04:45 - 00406217 _____ C:\Users\jworks\Documents\WD 59 #3 Daily Completion Report.xlsx
    2013-12-11 21:32 - 2013-12-11 21:34 - 00005703 _____ C:\Users\jworks\Documents\2013-12-11 WD59Well3 RT Data BHI RCI.xlsx.csv
    2013-12-11 04:27 - 2013-12-13 04:28 - 01423728 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Drilling Report.xlsx
     
    ==================== One Month Modified Files and Folders =======
     
    2014-01-10 07:39 - 2011-06-02 12:59 - 01283701 _____ C:\Windows\WindowsUpdate.log
    2014-01-09 10:11 - 2014-01-09 10:11 - 00000000 ____D C:\FRST
    2014-01-09 08:23 - 2009-07-13 20:34 - 00022416 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-09 08:23 - 2009-07-13 20:34 - 00022416 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-09 08:20 - 2010-11-20 13:01 - 00796652 _____ C:\Windows\System32\PerfStringBackup.INI
    2014-01-09 08:16 - 2014-01-06 07:39 - 00001232 _____ C:\Windows\setupact.log
    2014-01-07 11:48 - 2011-06-05 08:16 - 00000128 _____ C:\Windows\System32\config\netlogon.ftl
    2014-01-07 11:35 - 2011-06-01 08:42 - 00006442 __RSH C:\ProgramData\ntuser.pol
    2014-01-06 13:05 - 2014-01-06 13:05 - 00000000 ____D C:\Users\jladmin\AppData\Local\VirtualStore
    2014-01-06 13:05 - 2013-05-22 06:07 - 00000820 __RSH C:\Users\jladmin\ntuser.pol
    2014-01-06 13:05 - 2013-05-22 06:07 - 00000000 ____D C:\users\jladmin
    2014-01-06 10:34 - 2011-06-06 08:51 - 00000000 ____D C:\Users\jworks\Documents\Outlook Personal Folders
    2014-01-06 10:03 - 2011-06-06 08:13 - 30604800 _____ C:\Users\jworks\Documents\Master Contact List.cdb
    2014-01-06 09:12 - 2014-01-06 09:12 - 00016581 _____ C:\Users\jworks\Desktop\attach.txt
    2014-01-06 09:12 - 2014-01-06 09:12 - 00013865 _____ C:\Users\jworks\Desktop\dds.txt
    2014-01-06 09:10 - 2014-01-06 09:10 - 00688992 ____R (Swearware) C:\Users\jworks\Desktop\dds.com
    2014-01-06 08:33 - 2014-01-06 08:33 - 00008531 _____ C:\Users\jworks\Desktop\GMER.log
    2014-01-06 08:21 - 2013-06-01 11:51 - 00000000 ____D C:\Users\jworks\AppData\Local\CrashDumps
    2014-01-06 08:17 - 2014-01-06 08:17 - 00377856 _____ C:\Users\jworks\Desktop\wsx9128e.exe
    2014-01-06 08:16 - 2014-01-06 08:16 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\jworks\Desktop\tdsskiller.exe
    2014-01-06 08:11 - 2014-01-06 08:11 - 00001567 _____ C:\Users\jworks\Desktop\RKreport[0]_D_01062014_101121.txt
    2014-01-06 08:11 - 2014-01-06 08:05 - 00000000 ____D C:\Users\jworks\Desktop\RK_Quarantine
    2014-01-06 08:10 - 2014-01-06 08:10 - 01383488 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql2300.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 01293672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00586752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00526952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00405504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spsys.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00311808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00310272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00297040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00284672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00246784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\udfs.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00245632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00242688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00183808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00180288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcmcia.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00177152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00175360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00173440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdyboost.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00169320 _____ (TOSHIBA CORPORATION) C:\Windows\System32\Drivers\tosrfbd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00160128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vhdmp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00155136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00153984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00148864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00141904 _____ (VIA Technologies Inc.,Ltd) C:\Windows\System32\Drivers\vsmraid.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00140160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scsiport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpdr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rfcomm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tunnel.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00106064 _____ (QLogic Corporation) C:\Windows\System32\Drivers\ql40xx.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00104448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pacer.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00085376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sbp2port.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serial.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00080768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBAUDIO.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00079872 _____ (TOSHIBA Corporation.) C:\Windows\System32\Drivers\Tosrfhid.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00079360 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parport.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00078848 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasl2tp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00077888 _____ (Silicon Integrated Systems) C:\Windows\System32\Drivers\sisraid4.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspppoe.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00075264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rassstp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00074752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\raspptp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00071168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smb.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00069664 _____ (O2Micro) C:\Windows\System32\Drivers\oz776.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00069480 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosrfcom.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ohci1394.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00061168 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\TosRfSnd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00060928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rspndr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00057424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ULIAGPKX.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00056176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00055888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UAGP35.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00054792 _____ (Warp Nine Engineering) C:\Windows\System32\Drivers\par1284.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\stream.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\VIAAGP.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00053120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\termdd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\viac7.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\SISAGP.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00049400 _____ (TOSHIBA CORPORATION) C:\Windows\System32\Drivers\tosrfusb.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00048128 _____ (REDC) C:\Windows\System32\Drivers\rimmptsk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwififlt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00047720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00046984 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosporte.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00045056 _____ (REDC) C:\Windows\System32\Drivers\rixdpe86.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00045056 _____ (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00044544 _____ (REDC) C:\Windows\System32\Drivers\rimsptsk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00043392 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winhv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00043088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pcw.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00042560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciidex.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00042472 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosrfbnp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00040936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\point32.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00040704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vmstorfl.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00040016 _____ (Silicon Integrated Systems Corp.) C:\Windows\System32\Drivers\sisraid2.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00038400 _____ (REDC) C:\Windows\System32\Drivers\rixdptsk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00035968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\winusb.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\watchdog.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00032864 _____ (ShoreTel, Inc) C:\Windows\System32\Drivers\staccel.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00032832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vdrvroot.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\qwavedrv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00028032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storvsc.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00027264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\scfilter.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vgapnp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbrpm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD2.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00025856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBCAMD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vga.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tape.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wacompen.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021608 _____ (TOSHIBA Corporation.) C:\Windows\System32\Drivers\tosrfnds.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdi.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00021072 _____ (Promise Technology) C:\Windows\System32\Drivers\stexstor.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00020480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\System32\Drivers\secdrv.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifibus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbprint.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sermouse.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00019008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wimmount.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpbus.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdpipe.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WSDPrint.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\VMBusHID.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serenum.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\spldr.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\smclib.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00016976 _____ (VIA Technologies, Inc.) C:\Windows\System32\Drivers\viaide.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00016768 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\TVALZ.SYS.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ws2ifsl.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00015216 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\tosrfec.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmilib.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vwifimp.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sfloppy.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00013824 _____ (Corex Technologies Corp.) C:\Windows\System32\Drivers\ppnt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00013120 _____ (TOSHIBA Corporation) C:\Windows\System32\Drivers\Thpevm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pciide.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_mmc.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00012240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\swenum.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rasacd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011520 _____ (Western Digital Technologies) C:\Windows\System32\Drivers\wdcsam.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wmiacpi.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sffdisk.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwf.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00009608 _____ (TOSHIBA Corporation.) C:\Windows\System32\Drivers\Toshidpt.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00009216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\serscan.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\parvdm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008448 _____ (CYPRESS Corporation) C:\Windows\System32\Drivers\slcorex.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\umpass.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rootmdm.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPREFMP.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPENCDD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\RDPCDD.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00005888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\vms3cap.sys.bak
    2014-01-06 08:10 - 2014-01-06 08:10 - 00001523 _____ C:\Users\jworks\Desktop\RKreport[0]_S_01062014_101032.txt
    2014-01-06 08:10 - 2014-01-06 08:09 - 00267264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 09814528 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 06755840 _____ (Intel Corporation) C:\Windows\System32\Drivers\NETw5s32.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 03100160 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\evbdx.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 01211752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 01161760 _____ (LSI Corporation) C:\Windows\System32\Drivers\AGRSM.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00728424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00712048 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00677320 _____ (AuthenTec, Inc.) C:\Windows\System32\Drivers\ATSwpWDF.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00513536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00453712 _____ (Emulex) C:\Windows\System32\Drivers\elxstor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00433176 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00430080 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\bxvbdx.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00422976 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adp94xx.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00393728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00388096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\csc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00369336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00338944 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00332160 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00304128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\HdAudio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00297552 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpahci.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00274304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00272128 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerId.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00266408 _____ (Intel Corporation) C:\Windows\System32\Drivers\e1k6232.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00240496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00235584 _____ (LSI Corporation, Inc.) C:\Windows\System32\Drivers\MegaSR.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00233344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00229888 _____ (Broadcom Corporation) C:\Windows\System32\Drivers\b57nd60x.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00225328 _____ (Alps Electric Co., Ltd.) C:\Windows\System32\Drivers\Apfiltr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00223744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00221912 _____ (Intel Corporation) C:\Windows\System32\Drivers\e1y6232.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00218984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00198208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fltMgr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00196328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00190976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00187752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00175288 _____ (ESET) C:\Windows\System32\Drivers\eamonm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394ohci.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00162896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00159312 _____ (AMD Technologies Inc.) C:\Windows\System32\Drivers\amdsbs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00148480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00146512 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\adpu320.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00143744 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00142336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\exfat.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00140864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Classpnp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00134000 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00132992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00130432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00124848 _____ (ESET) C:\Windows\System32\Drivers\ehdrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00118784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiswan.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00117120 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00116096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msdsm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00108544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdrom.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00108344 _____ (ESET) C:\Windows\System32\Drivers\epfwwfpr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00105024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\NV_AGP.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00101888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipnat.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00096848 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_scsi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irda.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00095824 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_fc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00093696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthpan.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00089168 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00086608 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arcsas.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\i8042prt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00080256 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00078336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00078336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bridge.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00078208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00076368 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\arc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxg.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00070720 _____ (Adaptec, Inc.) C:\Windows\System32\Drivers\djsvs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cdfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00067960 _____ (Citrix Systems, Inc.) C:\Windows\System32\Drivers\ctxusbm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00067440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00067152 _____ (Hewlett-Packard Company) C:\Windows\System32\Drivers\HpSAMD.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00065536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\IPMIDrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00064624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dc3d.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dmvsc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00062336 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrSerWdm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00058880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ipfltdrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00058448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fileinfo.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00057936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\GAGP30KX.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00057424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\disk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00056320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthmodem.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00055584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpfve.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00054864 _____ (LSI Corporation) C:\Windows\System32\Drivers\lsi_sas2.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\1394bus.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AMDAGP.SYS.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00053312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\AGP440.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00049728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mup.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00049152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\agilevpn.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\lltdio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00046656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\isapnp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00046160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fsdepends.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndisuio.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00044624 _____ (IBM Corporation) C:\Windows\System32\Drivers\nfrd960.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00042576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdclass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00041552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouclass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00041040 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\System32\Drivers\iirsp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidir.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\circlass.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbios.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00035408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\npfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00035328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\blbdrive.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthenum.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\discache.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00031744 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\modem.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CompositeBus.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00030800 _____ (LSI Corporation) C:\Windows\System32\Drivers\megasas.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mssmbios.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\kbdhid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\filetrace.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00028032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msahci.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00027136 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndiscap.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00027008 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026840 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026704 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpata.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026624 _____ (Hauppauge Computer Works, Inc.) C:\Windows\System32\Drivers\hcw85cir.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mouhid.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00025728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00025168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\battc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fdc.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00024064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\monitor.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msfs.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022400 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00022096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crcdisk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00021784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nuidfltr.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00021584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\atapi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbatt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00020992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndistapi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\flpydisk.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00019824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00019024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\compbatt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00018432 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mcd.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\asyncmac.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00016896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nsiproxy.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00015952 _____ (CMD Technology, Inc.) C:\Windows\System32\Drivers\cmdide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00015424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014400 _____ (Acer Laboratories Inc.) C:\Windows\System32\Drivers\aliide.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hwpolicy.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00014080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\CmBatt.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msisadrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\irenum.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013568 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltLo.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxapi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00012904 _____ (UVNC BVBA) C:\Windows\System32\Drivers\mv2.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\MTConfig.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00012160 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbMdm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00011904 _____ (Brother Industries Ltd.) C:\Windows\System32\Drivers\BrUsbSer.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpipmi.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00008320 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mskssrv.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\errdev.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mstee.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00006144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\beep.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005888 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspclock.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005504 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mspqm.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005248 _____ (Brother Industries, Ltd.) C:\Windows\System32\Drivers\BrFiltUp.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00005120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00004608 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\null.sys.bak
    2014-01-06 08:09 - 2014-01-06 08:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mshidkmdf.sys.bak
    2014-01-06 08:01 - 2014-01-06 08:01 - 03810304 _____ C:\Users\jworks\Desktop\RogueKiller.exe
    2014-01-06 08:01 - 2014-01-06 08:01 - 01233962 _____ C:\Users\jworks\Desktop\adwcleaner.exe
    2014-01-06 07:44 - 2014-01-06 07:44 - 00013229 _____ C:\ComboFix.txt
    2014-01-06 07:44 - 2014-01-06 07:30 - 00000000 ____D C:\Qoobox
    2014-01-06 07:44 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
    2014-01-06 07:43 - 2014-01-06 07:29 - 00000000 ____D C:\Windows\erdnt
    2014-01-06 07:40 - 2009-07-13 18:03 - 56360960 _____ C:\Windows\System32\config\SOFTWARE.bak
    2014-01-06 07:40 - 2009-07-13 18:03 - 21495808 _____ C:\Windows\System32\config\SYSTEM.bak
    2014-01-06 07:40 - 2009-07-13 18:03 - 00786432 _____ C:\Windows\System32\config\DEFAULT.bak
    2014-01-06 07:40 - 2009-07-13 18:03 - 00262144 _____ C:\Windows\System32\config\SECURITY.bak
    2014-01-06 07:40 - 2009-07-13 18:03 - 00262144 _____ C:\Windows\System32\config\SAM.bak
    2014-01-06 07:39 - 2014-01-06 07:39 - 00000000 _____ C:\Windows\setuperr.log
    2014-01-06 07:39 - 2011-06-05 08:19 - 00000000 ____D C:\users\jworks
    2014-01-06 07:39 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini
    2014-01-06 07:38 - 2014-01-06 07:38 - 00000540 _____ C:\Windows\PFRO.log
    2014-01-06 07:29 - 2014-01-06 07:28 - 05160001 ____R (Swearware) C:\Users\jworks\Desktop\ComboFix.exe
    2014-01-06 07:18 - 2014-01-06 07:18 - 00000000 ____D C:\Program Files\Defraggler
    2014-01-06 07:14 - 2013-05-29 05:36 - 00000000 ____D C:\Program Files\PDFCreator
    2014-01-06 07:13 - 2013-05-28 11:40 - 00000000 ____D C:\Program Files\CCleaner
    2014-01-05 04:45 - 2013-12-14 04:19 - 00406217 _____ C:\Users\jworks\Documents\WD 59 #3 Daily Completion Report.xlsx
    2014-01-05 04:44 - 2013-12-15 04:14 - 00422152 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report.xlsx
    2014-01-05 04:10 - 2013-11-11 04:00 - 01033262 _____ C:\Users\jworks\Documents\VR 284#1 Drilling Report.xlsx
    2014-01-05 04:09 - 2013-12-31 04:32 - 01029053 _____ C:\Users\jworks\Documents\Copy of VR 284#1 Drilling Report (3).xlsx
    2014-01-04 10:15 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\twain_32
    2014-01-04 09:06 - 2014-01-04 09:06 - 00024396 _____ C:\Users\jworks\Documents\MWD Surveys 0-12594.txt
    2014-01-04 05:04 - 2013-12-18 14:03 - 00730840 _____ C:\Users\jworks\Desktop\WD 59 #3 COMPLETION FORECAST.xlsx
    2014-01-04 04:24 - 2013-12-10 04:20 - 01011351 _____ C:\Users\jworks\Documents\Copy of VR 284#1 Drilling Report.xlsx
    2014-01-04 04:21 - 2013-12-31 04:22 - 00125978 _____ C:\Users\jworks\Documents\WD 59 #3 Daily Completion Cost Report.xlsx
    2014-01-04 04:05 - 2014-01-03 04:10 - 00388647 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (Autosaved).xlsx
    2014-01-03 09:14 - 2014-01-03 09:14 - 00280064 _____ C:\Users\jworks\Documents\WBD Symbols.xls
    2014-01-03 08:47 - 2011-06-06 08:13 - 36846080 _____ C:\Users\jworks\Documents\Secondary Contact List.cdb
    2014-01-02 09:27 - 2014-01-02 08:53 - 00054272 _____ C:\Users\jworks\Documents\2014_Renewal Request - Energy Package - Schedule of Projected Drilling WO.xls
    2014-01-02 07:26 - 2013-11-15 06:00 - 00082785 _____ C:\Users\jworks\Documents\VR 284 #1 Composite.xlsx
    2014-01-02 07:17 - 2014-01-02 07:17 - 00081889 _____ C:\Users\jworks\Documents\Copy of VR 284 #1 Composite (4).xlsx
    2014-01-02 06:58 - 2014-01-02 06:58 - 00081908 _____ C:\Users\jworks\Documents\Copy of VR 284 #1 Composite (3).xlsx
    2014-01-02 04:17 - 2013-11-11 04:04 - 00251085 _____ C:\Users\jworks\Documents\VR 284 #1 Cost Report.xlsx
    2014-01-02 04:06 - 2014-01-02 04:06 - 00114117 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Cost Report.xlsx
    2014-01-02 04:04 - 2013-12-09 06:24 - 01680446 _____ C:\Users\jworks\Desktop\VR 284 Operations File.xlsx
    2014-01-02 03:45 - 2014-01-02 03:45 - 00024016 _____ C:\Users\jworks\Documents\MWD Surveys 0-12415.txt
    2014-01-01 04:13 - 2013-12-25 04:05 - 00336157 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (3).xlsx
    2014-01-01 04:05 - 2014-01-01 04:05 - 00106000 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Cost Report (20).xlsx
    2013-12-31 19:10 - 2013-12-31 18:11 - 00015462 _____ C:\Users\jworks\Documents\Cost Comparison - WD 59.xlsx
    2013-12-31 18:29 - 2013-12-31 18:10 - 00099807 _____ C:\Users\jworks\Documents\WD 59 #3 Revised cost report.xlsx
    2013-12-31 05:20 - 2013-12-31 05:20 - 00022496 _____ C:\Users\jworks\Documents\MWD Surveys 0-11656.txt
    2013-12-30 07:32 - 2011-06-06 08:13 - 01205760 _____ C:\Users\jworks\Documents\Master Phone List.xls
    2013-12-27 06:04 - 2011-06-11 07:29 - 00000000 ____D C:\Users\jworks\Documents\My Scans
    2013-12-27 05:58 - 2011-06-11 07:11 - 00002758 _____ C:\ProgramData\hpzinstall.log
    2013-12-27 05:46 - 2009-07-13 18:04 - 00000513 _____ C:\Windows\win.ini
    2013-12-27 05:45 - 2011-06-11 07:11 - 00218468 _____ C:\Windows\hpwins14.dat
    2013-12-24 04:08 - 2013-12-23 04:05 - 00200516 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Daily Completion Report (2).xlsx
    2013-12-23 13:03 - 2013-12-23 04:13 - 00206284 _____ C:\Users\jworks\Documents\Copy of 9625 in Casing Run_Cement Sheet.xlsx
    2013-12-18 11:21 - 2013-12-18 11:21 - 00020786 _____ C:\Users\jworks\Documents\MWD Surveys 0-10892.txt
    2013-12-18 09:21 - 2013-12-18 09:21 - 00014610 _____ C:\Users\jworks\Documents\Avalon Pricing.xlsx
    2013-12-18 07:13 - 2013-12-18 07:13 - 00178176 _____ C:\Users\jworks\Documents\WD 59 #3 Forward Work Planner (Rev 12-18-13).xls
    2013-12-18 07:04 - 2013-12-18 07:04 - 00177664 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Forward Work Planner - Initial (2).xls
    2013-12-14 04:09 - 2012-11-28 04:08 - 00000000 ____D C:\Users\jworks\Documents\Rig Reports
    2013-12-13 04:32 - 2013-10-18 03:07 - 01426948 _____ C:\Users\jworks\Documents\WD 59 #3 Drilling Report.xlsx
    2013-12-13 04:28 - 2013-12-11 04:27 - 01423728 _____ C:\Users\jworks\Documents\Copy of WD 59 #3 Drilling Report.xlsx
    2013-12-12 11:52 - 2013-12-04 12:15 - 00053760 _____ C:\Users\jworks\Documents\2014_Renewal Request - Energy Package - Schedule of Projected Drilling& WO.xls
    2013-12-12 03:59 - 2013-10-31 02:58 - 00390803 _____ C:\Users\jworks\Documents\WD59 #3 Drilling Cost Report.xlsx
    2013-12-11 21:34 - 2013-12-11 21:32 - 00005703 _____ C:\Users\jworks\Documents\2013-12-11 WD59Well3 RT Data BHI RCI.xlsx.csv
     
    Some content of TEMP:
    ====================
    C:\Users\jworks\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\jworks\AppData\Local\Temp\Quarantine.exe
     
     
    ==================== Known DLLs (Whitelisted) ============
     
     
    ==================== Bamital & volsnap Check =================
     
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2010-11-20 13:29] - [2010-11-20 13:29] - 0377344 ____A (Microsoft Corporation) 98E00E443CE8467036C71A7DC9A33CEA
     
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
     
    ==================== EXE ASSOCIATION =====================
     
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
     
    ==================== Restore Points  =========================
     
    Restore point made on: 2013-12-04 03:54:07
    Restore point made on: 2013-12-11 09:53:54
    Restore point made on: 2013-12-12 02:05:30
    Restore point made on: 2013-12-19 10:24:30
    Restore point made on: 2013-12-22 02:31:56
    Restore point made on: 2013-12-27 02:31:46
    Restore point made on: 2013-12-31 00:23:14
    Restore point made on: 2014-01-04 03:34:19
    Restore point made on: 2014-01-06 07:22:32
     
    ==================== Memory info =========================== 
     
    Percentage of memory in use: 13%
    Total physical RAM: 4027.24 MB
    Available physical RAM: 3495.69 MB
    Total Pagefile: 4025.53 MB
    Available Pagefile: 3498.71 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1950.87 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:297.99 GB) (Free:180.32 GB) NTFS
    Drive e: (Oct 31 2013) (CDROM) (Total:0.04 GB) (Free:0 GB) UDF
    Drive f: (PATRIOT) (Removable) (Total:14.91 GB) (Free:14.89 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A0014AA0)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
     
     
    LastRegBack: 2014-01-09 08:45
     
    ==================== End Of Log ============================


    #10 etavares

    • Malware Response Team

    Posted 10 January 2014 - 12:39 PM

    Hi,

     

    Please try the search for rpcss.dll one more time from FRST via the Recovery Environment.  Note that it may take quite some time to complete...it's searching your entire hard drive.  It may take one minute, it could take twenty.  Please be patient with it.

     

    If waiting doesn't work, we'll try another tool after this.  It's quite important to find a replacement for that file to resolve this infection.

     

    -etavares



    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #11 trek8500xtr

    • Topic Starter

    Posted 10 January 2014 - 12:54 PM

    It worked that time:

     

    Farbar Recovery Scan Tool (x86) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-10 11:41:51
    Running from F:\
    Boot Mode: Recovery
     
    ================== Search: "rpcss.dll" ===================
     
    C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
    [2010-11-20 13:29] - [2010-11-20 13:29] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF
     
    C:\Windows\System32\rpcss.dll
    [2010-11-20 13:29] - [2010-11-20 13:29] - 0377344 ____A (Microsoft Corporation) 98E00E443CE8467036C71A7DC9A33CEA
     
    X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
    [2010-11-20 01:48] - [2010-11-20 04:21] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF
     
    X:\Windows\System32\rpcss.dll
    [2010-11-20 01:48] - [2010-11-20 04:21] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF
     
    === End Of Search ===


    #12 etavares

    • Malware Response Team

    Posted 10 January 2014 - 01:21 PM

    Ok, great!

     

    First, please open Notepad and copy/paste the text in the code box in there and save it as fixlist.txt to the flash drive with FRST on it.

     

    Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll C:\Windows\System32\rpcss.dll

     

    Open FRST as before and press Fix just once.  It will replace that file with a clean copy then save a log (fixlog.txt).  Please post the resulting log here and then try to boot your computer normally.  Let me know how that goes.

     

    -etavares



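Added example, not part of the original posts and not FRST's own code: a small Python parser for the search output in post #11 that compares the size and MD5 of every rpcss.dll copy and shows why the WinSxS copy on C: was chosen as the replacement source. The function and class names are hypothetical; the log text is copied from this thread.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Search output copied from the FRST log posted in this thread (post #11).
FRST_SEARCH = r"""
================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2010-11-20 13:29] - [2010-11-20 13:29] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

C:\Windows\System32\rpcss.dll
[2010-11-20 13:29] - [2010-11-20 13:29] - 0377344 ____A (Microsoft Corporation) 98E00E443CE8467036C71A7DC9A33CEA

X:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2010-11-20 01:48] - [2010-11-20 04:21] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

X:\Windows\System32\rpcss.dll
[2010-11-20 01:48] - [2010-11-20 04:21] - 0376832 ____A (Microsoft Corporation) 7660F01D3B38ACA1747E397D21D790AF

=== End Of Search ===
"""

# "[created] - [modified] - size attrs (Company) MD5"; the company field is optional.
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


class Entry(NamedTuple):
    path: str
    size: int
    company: str
    md5: str


class Finding(NamedTuple):
    live: Entry
    expected_md5: str
    matches: bool
    size_delta: int             # live size minus reference size, in bytes
    replacement: Optional[str]  # same-volume WinSxS copy carrying the expected hash


def parse_search(text: str) -> List[Entry]:
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and section banners
        meta = META.match(line)
        if meta and pending:
            entries.append(Entry(pending, int(meta["size"]),
                                 meta["company"] or "", meta["md5"].upper()))
            pending = None
        elif PATH.match(line):
            pending = line
    return entries


def audit(entries: List[Entry], live_path: str) -> Finding:
    """Compare the in-use copy against every other copy found by the search.

    The hash most of the other copies share is taken as the expected one.
    Agreement is a consistency check between copies, not proof of legitimacy.
    """
    live = next(e for e in entries if e.path.lower() == live_path.lower())
    refs = [e for e in entries if e is not live]
    if not refs:
        raise ValueError("no other copy to compare against")
    expected_md5 = Counter(e.md5 for e in refs).most_common(1)[0][0]
    reference = next(e for e in refs if e.md5 == expected_md5)
    matches = live.md5 == expected_md5
    replacement = None
    if not matches:
        # Prefer a component-store copy on the same volume as the live file.
        for e in refs:
            same_volume = e.path[:2].lower() == live.path[:2].lower()
            if e.md5 == expected_md5 and same_volume and "\\winsxs\\" in e.path.lower():
                replacement = e.path
                break
    return Finding(live, expected_md5, matches, live.size - reference.size, replacement)


if __name__ == "__main__":
    finding = audit(parse_search(FRST_SEARCH), r"C:\Windows\System32\rpcss.dll")
    status = "consistent" if finding.matches else "MISMATCH"
    print(f"{finding.live.path}: {status} ({finding.size_delta:+d} bytes)")
    if finding.replacement:
        print(f"clean-copy candidate: {finding.replacement}")
```

On this log the System32 copy is 512 bytes larger than the other three copies and has a different MD5, while its timestamps and company string are the same as the WinSxS copy on C:, so those two fields say nothing about the file's integrity.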
     


    #13 trek8500xtr

    • Topic Starter

    Posted 13 January 2014 - 09:25 AM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-01-2014 01
    Ran by SYSTEM at 2014-01-13 08:21:25 Run:2
    Running from F:\
    Boot Mode: Recovery
     
    ==============================================
     
    Content of fixlist:
    *****************
    Replace: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll C:\Windows\System32\rpcss.dll
    *****************
     
    C:\Windows\System32\rpcss.dll => Moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
     
    ==== End of Fixlog ====

    Computer booted normally.  Are there any other scans you would like me to run?

     

    Thanks,

    John



    #14 etavares

    • Malware Response Team

    Posted 13 January 2014 - 08:25 PM

    Hello, trek8500xtr.
     
    Yes, a few items to go.
     
     
    Step 1
     
    I'd like us to scan your machine with ESET OnlineScan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    • Click the esetOnline.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
    • Check esetAcceptTerms.png
    • Click the esetStart.png button.
    • Accept any security warnings from your browser.
    • Check esetScanArchives.png
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push esetListThreats.png
    • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the esetBack.png button.
    • Push esetFinish.png
     
     
    Step 2
     
    Next, we need to update Java.
    Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 7 Update 45 32-bit version.  Note that if you have 64-bit Windows, the default is to use a 32-bit browser.  If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
    • Save it to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version(s) shown below:
      • Java™ 6 Update 20
      • Java™ 6 Update 31
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the java file you downloaded to install the newest version.  If you downloaded the 64-bit version, make sure to install that as well.

    Step 3
     
    Please then reboot, then run DDS again and post the resulting log in your reply.  If that looks clean, we'll clean up our quarantines next and wrap up.
     
     
    etavares


     


    #15 trek8500xtr

    • Topic Starter

    Posted 14 January 2014 - 11:08 AM

    Unfortunately, I'm unable to update Java because we have a couple of business-critical apps that won't work with the latest Java.

     

    The ESET scan ended, finding 0 infected files.

     

    DDS log:

    DDS (Ver_2012-11-20.01) - NTFS_x86 
    Internet Explorer: 8.0.7601.17514
    Run by jladmin at 10:03:01 on 2014-01-14
    Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3067.1760 [GMT -6:00]
    .
    AV: ESET Endpoint Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Endpoint Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
    C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
    C:\Program Files\Citrix\ICA Client\concentr.exe
    C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
    C:\Program Files\Citrix\Receiver\Receiver.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k regsvc
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: TFPUPWDBankBHO Class: {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} - c:\program files\toshiba\tfpu\TFPUPWDBankBHO.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    mRun: [000StTHK] 000StTHK.exe
    mRun: [TFPUPWDBankService] c:\program files\toshiba\tfpu\TFPUPWDBank.exe /start
    mRun: [TFPUService] c:\program files\toshiba\tfpu\TFPUTaskMonitor.exe /start
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
    mRun: [egui] "c:\program files\eset\eset endpoint antivirus\egui.exe" /hide /waitservice
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://tanaitmgt1:4343/officescan/console/html/ClientInstall/WinNTChk.cab
    DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://tanaitmgt1:4343/officescan/console/html/ClientInstall/setup.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: NameServer = 192.168.1.205 192.168.1.206 127.0.0.1
    TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9} : DHCPNameServer = 207.70.128.209 207.70.172.13
    TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9}\36F6269616E65647D22616379636 : DHCPNameServer = 10.42.0.1
    TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9}\4514E414 : DHCPNameServer = 192.168.1.205 192.168.1.206 192.168.1.31 192.168.1.37
    TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9}\472747022716E63686 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9}\74C6F62616C6355796475675962756C6563737 : DHCPNameServer = 4.2.2.1
    TCP: Interfaces\{BC6EABE9-4150-40DD-8708-B166180397E9}\C4563686E656270277962756C656373702E6564777F627B6 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{F25050F2-409F-435F-9638-B060D9EB73DA} : DHCPNameServer = 192.168.1.205 192.168.1.206 127.0.0.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    AppInit_DLLs= c:\progra~1\citrix\icacli~1\RSHook.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2012-4-25 67960]
    R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2013-2-4 175288]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2010-6-17 2043712]
    R2 ekrn;ESET Service;c:\program files\eset\eset endpoint antivirus\ekrn.exe [2013-2-14 1020304]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2013-2-4 108344]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-28 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-28 701512]
    R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\common files\microsoft shared\microsoft online services\MSOIDSVC.EXE [2011-9-28 1589152]
    R3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-6-17 677320]
    R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2011-6-1 221912]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-28 22856]
    R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
    R3 staccel;staccel;c:\windows\system32\drivers\staccel.sys [2012-9-4 32864]
    S1 CorexCardScan;CardScan USB Scanner;c:\windows\system32\drivers\slcorex.sys [2004-8-14 8448]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 PPNT;PPNT;c:\windows\system32\drivers\ppnt.sys [2004-8-14 13824]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
    S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-5-4 266408]
    S3 ESHASRV;ESET SHA Service;c:\program files\eset\eset endpoint antivirus\EShaSrv.exe [2013-2-14 183944]
    S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2011-4-26 45056]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-4-30 1343400]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== Created Last 30 ================
    .
    2014-01-14 16:01:55 -------- d-----w- c:\users\jladmin\appdata\local\Google
    2014-01-14 15:20:01 -------- d-----w- c:\users\jladmin\appdata\local\ESET
    2014-01-14 15:17:34 -------- d--h--w- c:\windows\AxInstSV
    2014-01-14 11:18:48 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c8341ff-297a-4a05-9db5-cc0ea6649362}\offreg.dll
    2014-01-14 11:17:45 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c8341ff-297a-4a05-9db5-cc0ea6649362}\mpengine.dll
    2014-01-09 18:11:54 -------- d-----w- C:\FRST
    2014-01-06 21:05:40 -------- d-----w- c:\users\jladmin\appdata\local\VirtualStore
    2014-01-06 15:44:52 -------- d-----w- c:\users\jladmin\appdata\local\temp
    2014-01-06 15:39:48 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-01-06 15:30:48 98816 ----a-w- c:\windows\sed.exe
    2014-01-06 15:30:48 256000 ----a-w- c:\windows\PEV.exe
    2014-01-06 15:30:48 208896 ----a-w- c:\windows\MBR.exe
    2014-01-06 15:18:43 -------- d-----w- c:\program files\Defraggler
    .
    ==================== Find3M  ====================
    .
    2014-01-06 16:09:59 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys.bak
    2013-11-26 18:25:54 230048 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 10:03:16.18 ===============
     
