Virus found Win32/Patched c:\WINDOWS\system32\rpcss.dll


20 replies to this topic

#1 RajunCajun
Posted 30 January 2014 - 03:16 PM

I removed a variant of the 'FBI Virus' with Hitman Pro Kickstarter. This variant was the Immigration Customs Enforcement (ICE) one. I've scanned the system with AVG and it keeps finding this infection and can't remove it. I have run RogueKiller on the laptop and it didn't seem to help. I scanned it with Malwarebytes Anti-Rootkit (MBAR), but it didn't get rid of the infection either. I'm running a scan with DDS now. It seems to be taking longer than 3 minutes. Meanwhile AVG Resident Shield is going bonkers because of this virus.

 

DDS scan finished and created 2 text files, dds.txt & attach.txt. dds.txt is pasted below and attach.txt is zipped and attached to this post.

 

 

DDS LOG:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by jhaner at 14:02:55 on 2014-01-30
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2000.1113 [GMT -6:00]
.
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {E65FBE49-311D-4AEC-8D9D-24BFC4C8AE9D}
AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Updated* {93353F2B-6D1F-4A44-8581-DC5235A2FC0A}
FW: Trend Micro Client-Server Security Agent Firewall *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tsc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxps://intranet.sp.shawcor.com/FlexpipeSystems/Pages/default.aspx
mStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:1353;https=127.0.0.1:1353;
uProxyOverride = <-loopback>
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.3.124.0\BingExt.dll
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN34PB3HGF05KF:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
dRun: [Bomgar_Cleanup_ZD4639015724] cmd.exe /C rd /S /Q "c:\documents and settings\all users\application data\bomgar-scc-52e2a86f" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD4639015724 /f
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoOnlinePrintsWizard = dword:1
uPolicies-Explorer: NoSMBalloonTip = dword:1
uPolicies-Explorer: NoWindowsUpdate = dword:1
uPolicies-DisallowRun: 1 = msn.exe
uPolicies-DisallowRun: 2 = msn6.exe
uPolicies-DisallowRun: 3 = msnsusii.exe
mPolicies-System: DefaultLogonDomain = shawcor.com
mPolicies-System: SoftwareSASGeneration = dword:3
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
IE: &Search - http://tbedits.mapsgalaxy.com/one-toolbaredits/menusearch.jhtml?s=202980021&p2=^UX^xdm025^S03431^us&si=57961&a=A3213518-02BF-4AA9-B406-F388BD89C8F9&n=2012092614&cv=1
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - hxxp://www2.stlu.com/plugins/Plugin0501.0125/streetnoagent7.cab
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} - hxxps://ssl-flx-can-cal-fw.shawcor.com/CSHELL/extender.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258485224046
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258487378100
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxp://intranet1/viewer/activeXViewer/activexviewer.cab
TCP: NameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{4F837009-9C9C-4A14-885A-E349131D960D} : DHCPNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{6BC18242-4169-4197-90EA-2C9A5806925F} : DHCPNameServer = 208.180.42.68 208.180.42.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.102\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-11-11 12184]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2008-5-14 263968]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2008-5-14 36128]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-17 112512]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2009-11-17 33832]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-11-17 244368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-17 109568]
R3 NETwNx32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2012-4-9 6650752]
R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2009-11-17 148056]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-11-17 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-11-17 280096]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-11-17 232744]
R3 VNA;Check Point Virtual Network Adapter;c:\windows\system32\drivers\vna.sys [2009-4-2 129304]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-3-18 42648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-3-18 12184]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2014-1-29 51416]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-9 22856]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\drivers\PTUMWBus.sys [2011-6-30 54544]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;c:\windows\system32\drivers\PTUMWCSP.sys [2011-6-30 160400]
S3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\drivers\PTUMWFLT.sys [2011-6-30 11920]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\drivers\PTUMWMdm.sys [2011-6-30 160400]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\drivers\PTUMWNET.sys [2011-6-30 115216]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;c:\windows\system32\drivers\PTUMWNSP.sys [2011-6-30 160400]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\drivers\PTUMWVsp.sys [2011-6-30 160400]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S4 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S4 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S4 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
S4 CltMngSvc;Search Protect by Conduit Service;c:\progra~1\searchprotect\main\bin\CltMngSvc.exe [2014-1-29 2301216]
S4 cpextender;Check Point SSL Network Extender;c:\program files\checkpoint\ssl network extender\slimsvc.exe [2011-10-18 355496]
S4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-6-26 812392]
S4 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-6-26 26984]
S4 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 376096]
S4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2014-1-29 106248]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-9 418376]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-9 701512]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S4 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2010-3-4 689416]
.
=============== Created Last 30 ================
.
2014-01-30 14:27:29    --------    d-----w-    c:\documents and settings\jhaner\application data\AVG2014
2014-01-30 14:25:18    --------    d-----w-    c:\documents and settings\jhaner\application data\TuneUp Software
2014-01-30 14:21:53    --------    d--h--w-    C:\$AVG
2014-01-30 14:21:53    --------    d-----w-    c:\documents and settings\all users\application data\AVG2014
2014-01-30 14:20:18    --------    d-----w-    c:\program files\AVG
2014-01-29 22:37:17    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2014-01-29 22:32:41    51416    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-29 22:24:17    --------    d--h--w-    c:\documents and settings\all users\application data\Common Files
2014-01-29 22:24:17    --------    d-----w-    c:\documents and settings\jhaner\local settings\application data\MFAData
2014-01-29 22:24:17    --------    d-----w-    c:\documents and settings\jhaner\local settings\application data\Avg2014
2014-01-29 22:24:17    --------    d-----w-    c:\documents and settings\all users\application data\MFAData
2014-01-28 21:57:17    --------    d-----w-    c:\program files\HitmanPro
2014-01-28 21:56:22    --------    d-----w-    c:\documents and settings\all users\application data\HitmanPro
2014-01-27 22:52:38    --------    d-----w-    c:\documents and settings\jhaner\local settings\application data\KB4037705
2014-01-27 16:09:08    --------    d-----w-    c:\documents and settings\jhaner\application data\Optimizer Pro
2014-01-27 16:05:47    --------    d-----w-    c:\program files\Lightspark 0.5.3-git
2014-01-27 16:04:58    --------    d-----w-    c:\program files\Mobile App Sync
2014-01-27 16:04:57    --------    d-----w-    c:\documents and settings\jhaner\local settings\application data\D2M
2014-01-27 16:04:53    --------    d-----w-    c:\documents and settings\jhaner\local settings\application data\WeatherBug
2014-01-27 16:04:52    --------    d-----w-    c:\documents and settings\jhaner\application data\WeatherBug
2014-01-27 16:04:48    --------    d-----w-    c:\program files\AWS
2014-01-27 16:03:54    --------    d-----w-    c:\program files\Optimizer Pro
2014-01-27 16:03:35    --------    d-----w-    c:\program files\Browsersafeguard
2014-01-27 16:02:48    --------    d-----w-    c:\program files\SearchProtect
2014-01-27 16:02:48    --------    d-----w-    c:\documents and settings\jhaner\local settings\application data\SearchProtect
2014-01-24 17:53:05    7168    ----a-w-    c:\documents and settings\all users\application data\Z@!-f9574697-c0c8-4759-8487-6a6074d13491.tmp
2014-01-22 21:06:01    --------    d-----w-    c:\windows\system32\Wave Systems Corp
2014-01-18 21:27:25    --------    d-sh--w-    C:\found.000
2014-01-17 22:13:52    --------    d-----w-    c:\documents and settings\jhaner\application data\CompuClever
2014-01-17 22:13:40    --------    d-----w-    c:\documents and settings\jhaner\local settings\application data\CompuClever
2014-01-17 17:28:23    --------    d-----w-    c:\windows\system32\MRT
2014-01-17 17:10:20    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2014-01-17 16:59:12    12928    -c----w-    c:\windows\system32\dllcache\usb8023x.sys
2014-01-17 16:58:48    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2014-01-17 16:58:48    46848    -c----w-    c:\windows\system32\dllcache\irbus.sys
2014-01-17 16:58:48    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2014-01-17 16:57:12    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2014-01-17 16:57:12    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
.
==================== Find3M  ====================
.
2014-01-29 22:05:20    181272    ----a-w-    c:\windows\RegBootClean.exe
2014-01-29 21:45:28    16400    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-11-27 20:21:06    40960    ----a-w-    c:\windows\system32\drivers\ndproxy.sys
2013-11-13 02:59:42    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 03:50:48    120600    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-11-06 01:03:31    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-11-05 03:57:30    209176    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH: 14:09:10.31 ===============
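Added example (not part of this thread, and not code from the DDS tool): a small Python triage pass over lines in the format of the Pseudo HJT Report above, flagging the entries a responder would look at first, such as a proxy pointing at 127.0.0.1:1353, a policy that disables Windows Update, DisallowRun entries, and non-default LSA authentication packages. The sample lines are constructed from this log; the rule set, severities and function names are the example's own.

```python
"""Triage a DDS 'Pseudo HJT Report' for the settings a responder checks first.

Added example, not part of the thread or of DDS. The prefix letter DDS puts in
front of a key (u = HKCU, m = HKLM, d = default user) is decoded so a finding
says which hive it came from. Severities and rules are this example's own.
"""
import re

HIVE_BY_PREFIX = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}

PROXY_RE = re.compile(r"^([umd])ProxyServer\s*=\s*(.+)$")
POLICY_RE = re.compile(r"^([umd])Policies-(\w+):\s*(.+?)\s*=\s*(.+)$")
LSA_RE = re.compile(r"^LSA:\s*Authentication Packages\s*=\s*(.+)$")

# The stock package on XP; anything else loads into lsass.exe at boot and
# should be matched to a known product before it is trusted.
DEFAULT_LSA_PACKAGES = {"msv1_0"}

# Explorer/System policies that switch off a defence when set to 1.
DEFENCE_DISABLING_POLICIES = {"NoWindowsUpdate", "DisableRegistryTools", "DisableTaskMgr"}

# Constructed sample in the format DDS prints, taken from the log above.
SAMPLE_REPORT = r"""
uStart Page = about:blank
uProxyServer = hxxp=127.0.0.1:1353;https=127.0.0.1:1353;
uProxyOverride = <-loopback>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoWindowsUpdate = dword:1
uPolicies-DisallowRun: 1 = msn.exe
mPolicies-System: DefaultLogonDomain = shawcor.com
LSA: Authentication Packages =  msv1_0 wvauth
"""


def refang(value):
    """DDS defangs URLs as hxxp/hxxps; restore them for parsing."""
    return value.replace("hxxp", "http")


def proxy_targets(value):
    """Split 'http=host:port;https=host:port;' (or a bare 'host:port') into targets."""
    targets = []
    for part in value.strip(";").split(";"):
        if "=" in part:
            part = part.split("=", 1)[1]
        if part.strip():
            targets.append(part.strip())
    return targets


def is_loopback(target):
    host = target.rsplit(":", 1)[0].strip("[]")
    return host in ("localhost", "::1") or host.startswith("127.")


def triage_line(line):
    """Return (severity, reason) for one report line, or None if nothing to flag."""
    m = PROXY_RE.match(line)
    if m:
        hive = HIVE_BY_PREFIX[m.group(1)]
        targets = proxy_targets(refang(m.group(2)))
        if any(is_loopback(t) for t in targets):
            return ("high", f"{hive} proxy points at loopback {sorted(set(targets))}: "
                            "browser traffic is routed through a local listener; "
                            "identify the process bound to that port")
        return ("review", f"{hive} proxy {targets}: confirm it is the expected corporate proxy")

    m = POLICY_RE.match(line)
    if m:
        hive, area, name, value = HIVE_BY_PREFIX[m.group(1)], m.group(2), m.group(3), m.group(4)
        if area == "DisallowRun":
            return ("review", f"{hive} DisallowRun blocks '{value}': the same mechanism is "
                              "used to stop security tools from starting")
        if name in DEFENCE_DISABLING_POLICIES and value.endswith(":1"):
            return ("high", f"{hive} policy {name} is set: a defence has been switched off")
        return None

    m = LSA_RE.match(line)
    if m:
        extra = set(m.group(1).split()) - DEFAULT_LSA_PACKAGES
        if extra:
            return ("review", f"non-default LSA authentication packages {sorted(extra)}: "
                              "match each to an installed product")
    return None


def triage_report(text):
    """Return [(severity, original line, reason)] for every flagged line."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        result = triage_line(line)
        if result:
            findings.append((result[0], line, result[1]))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage_report(SAMPLE_REPORT):
        print(f"[{severity:6}] {line}\n         {reason}")
```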
 


#2 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 30 January 2014 - 03:34 PM

:welcome:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Edited by JSntgRvr, 30 January 2014 - 03:35 PM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 RajunCajun
  • Topic Starter

Posted 30 January 2014 - 04:59 PM

JSntgRvr, I downloaded FRST and ran it on the infected PC. When it starts it says it is backing up the registry. However, that doesn't happen. Immediately it comes up with the following errors.

[RegCreateKeyEx:5 Access is Denied Error Saving File]

Error saving file

C:\FRST\HIVES\Security

(hit OK)

 

[RegCreateKeyEx:5 Access is Denied Error Saving File]

Error saving file

C:\FRST\HIVES\Software

(hit OK)

 

[RegCreateKeyEx:5 Access is Denied Error Saving File]

Error saving file

C:\FRST\HIVES\system

(hit OK)

 

[RegCreateKeyEx:5 Access is Denied Error Saving File]

Error saving file

C:\FRST\HIVES\default

(hit OK)

 

[RegCreateKeyEx:5 Access is Denied Error Saving File]

Error saving file

C:\FRST\HIVES\SAM

(hit OK)

 

[RegCreateKeyEx:5 Access is Denied Error Saving File]

Error saving file

C:\FRST\HIVES\00000001\ntuser.datt

(hit OK)

 

[RegCreateKeyEx:5 Access is Denied Error Saving File]

Error saving file

C:\FRST\HIVES\00000002\UsrClass.dat

(hit OK)

 

After the error messages go away the laptop is essentially frozen. I am unable to close or minimize the scan tool. I can click on other things, but when I double-click on something I'm stuck looking at the hourglass cursor and have to power off the laptop because the computer quits responding. I'm stuck between a rock and a hard place. The laptop is not connected to the internet since it still has a trojan on it.

 

It's a Dell Latitude E6400 running Win XP with SP3.



#4 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 30 January 2014 - 06:33 PM

Let's try Rkill before any application, and turn off your security.

 

RKill is a program developed at BleepingComputer.com that was originally designed for use in our virus removal guides. It was created so that we could have an easy-to-use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.

So in summary, RKill just kills 32-bit and 64-bit malware processes and scans the registry for entries that would not allow you to run various legitimate programs. When scanning the Registry, Rkill will search for malicious Image File Execution Objects, DisallowRuns entries, executable hijacks, and policies that restrict your use of various Windows utilities. When changing Windows Registry entries it will create a backup of these entries and save them in the rkill folder on your desktop. Each registry backup will contain a time stamp so that the backups are not overwritten on subsequent runs of Rkill.
 

Since RKill only terminates processes and does not remove the offending files, when it is finished you should not reboot your computer. If you do, these malware processes, which are set to start automatically, will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.

RKill can be downloaded from the following location:

http://www.bleepingcomputer.com/download/rkill/

A report, rkill.log, will be created in the root directory, usually C:\. Post that report in your next reply.

 

After Rkill has run, run these applications:

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

In the event the computer is restarted, run Rkill again and continue:

 

Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.
 

In the event the computer is restarted, run Rkill again and continue:

 

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 

 

Attempt Farbar's FRST and post its reports.




#5 RajunCajun
  • Topic Starter

Posted 31 January 2014 - 10:55 AM

Thanks for all your help. I have to log into the local user account on the laptop in safe mode to run all these scans. When logged into Windows normally, within minutes of booting up Windows will become unresponsive and I have to power down the laptop.

 

I have attached the Adwcleaner logs (in 1 zip file) and the Rkill log as well. Below are the contents of the JRT & MBAM logs. Windows still freezes when normally booted. I enabled most of the programs and services I had disabled. AVG detects the virus and still can't get rid of it. The laptop is powered down for now until the next step in the cleaning process.

 

[JRT log]

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows XP x86
Ran by flxadmin on Fri 01/31/2014 at  8:40:18.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mapsgalaxy_39
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mapsgalaxy_39
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\optimizer pro_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{01AEE16B-1DF7-474D-87BC-C3C52652F179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\optimizer pro"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ask"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\local settings\application data\asktoolbar"
Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/31/2014 at  8:42:13.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

[MBAM Log]

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.29.10

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
flxadmin :: NB110 [administrator]

Protection: Disabled

1/31/2014 9:14:20 AM
mbam-log-2014-01-31 (09-14-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 393867
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: matomy_lightspark-highvolume-US -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Documents and Settings\jhaner\Local Settings\Temp\nsa3B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\jhaner\Local Settings\Temp\nsb44.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\jhaner\Local Settings\Temp\nsg41.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\jhaner\Local Settings\Temp\nsh3E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\jhaner\Local Settings\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nsl7.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nsq13.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\BrowserSafeguard Update Task.job (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.

(end)

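The MBAM log above is one of three tool logs in this thread, and reconciling them by hand is error-prone. The following is an added example for this thread (not the poster's code and not Malwarebytes' own tooling): it parses the MBAM 1.x log layout into records, checks that each section's declared count matches the lines actually pasted (a truncated paste is easy to miss), groups hits by detection family, and lists autostart artifacts such as the scheduled .job task that are worth re-checking after the next normal-mode boot. The sample input is an excerpt copied from the log above, shortened to three of the nine file hits; the regular expressions encode the layout as seen in that log and are an assumption, not a documented format.

```python
import re
from collections import Counter

# Added example for this thread; not code from Malwarebytes or from the poster.
# The excerpt below is copied from the MBAM 1.75 log posted above (shortened to
# three of the nine file hits). The layout rules the parser relies on
# ("<Section> Detected: N" headers, "<target> (<classification>) -> <action>"
# item lines) are assumptions drawn from that log, not a documented format.
MBAM_LOG = r"""
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
Windows XP Service Pack 3 x86 NTFS (Safe Mode)
flxadmin :: NB110 [administrator]

Protection: Disabled

Scan type: Quick scan
Objects scanned: 393867

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: matomy_lightspark-highvolume-US -> Quarantined and deleted successfully.

Folders Detected: 1
C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Documents and Settings\jhaner\Local Settings\Temp\nsa3B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\BrowserSafeguard Update Task.job (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<cls>[A-Za-z0-9_.\-]+)\) -> (?P<rest>.+)$")


def parse_item(line):
    """Turn one detection line into a record; None if the line is not one."""
    m = ITEM_RE.match(line)
    if not m:
        return None
    # Registry-value hits carry an extra "Data: <value>" hop before the action.
    hops = m.group("rest").split(" -> ")
    data = next((h[len("Data: "):] for h in hops[:-1] if h.startswith("Data: ")), None)
    return {
        "target": m.group("target"),
        "classification": m.group("cls"),
        "data": data,
        "action": hops[-1].rstrip("."),
    }


def parse_mbam_log(text):
    """Split the log into header metadata and per-section detection records."""
    meta = {"safe_mode": False}
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):  # blank, "(No malicious items detected)", "(end)"
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("section")
            sections[current] = {"declared": int(m.group("count")), "items": []}
            continue
        if current is None:  # still in the header block
            if line.endswith("(Safe Mode)"):
                meta["safe_mode"] = True
            for key in ("Protection", "Scan type", "Objects scanned"):
                if line.startswith(key + ": "):
                    meta[key] = line[len(key) + 2:]
            continue
        item = parse_item(line)
        if item:
            sections[current]["items"].append(item)
    return {"meta": meta, "sections": sections}


def family(classification):
    """PUP.Optional.BrowserSafeGuard.A -> PUP.Optional.BrowserSafeGuard (drop the variant letter)."""
    parts = classification.split(".")
    return ".".join(parts[:-1]) if len(parts[-1]) == 1 else classification


def summarize(parsed):
    """Counts per family, anything not quarantined, and sections whose line count disagrees with the header."""
    families = Counter()
    not_removed, mismatched = [], []
    for name, sec in parsed["sections"].items():
        if len(sec["items"]) != sec["declared"]:
            mismatched.append(name)  # truncated paste or a line the parser did not understand
        for it in sec["items"]:
            families[family(it["classification"])] += 1
            if not it["action"].startswith("Quarantined and deleted"):
                not_removed.append(it["target"])
    return {"families": dict(families), "not_removed": not_removed, "mismatched_sections": mismatched}


def persistence_artifacts(parsed):
    """Hits that are autostart points (scheduled-task .job files, Run keys): re-check after a normal-mode reboot."""
    hits = []
    for sec in parsed["sections"].values():
        for it in sec["items"]:
            t = it["target"].lower()
            if t.endswith(".job") or "\\run" in t:
                hits.append(it["target"])
    return hits


if __name__ == "__main__":
    parsed = parse_mbam_log(MBAM_LOG)
    print(parsed["meta"])
    print(summarize(parsed))
    print(persistence_artifacts(parsed))
```

The count check matters in a thread like this one: when a section header says "Files Detected: 9" and fewer lines follow, the paste was cut or a line was mangled, and the helper reading the log would otherwise never notice. The `Protection: Disabled` and Safe Mode fields are kept because they explain why a quick scan in Safe Mode can miss what a resident shield catches at normal boot.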

#6 RajunCajun (Topic Starter)

Posted 31 January 2014 - 11:27 AM

I forgot to note that when I first started JRT it had the same errors backing up the registry that I encountered with FRST the first time I tried to run it. I was able to run FRST in safe mode. It still had the same errors backing up the registry but at least it ran :-) Here are the logs generated by FRST. Thanks again for your help.

[FRST Log]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by flxadmin (administrator) on NB110 on 31-01-2014 10:19:31
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

ATTENTION: If processes are not listed WMI should be repaired.


==================== Processes (Whitelisted) ===================



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [145920 2009-05-18] (Wave Systems Corp.)
HKLM\...\Run: [USCService] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [15872 2009-07-05] (Broadcom Corporation)
HKLM\...\Run: [UniPrint] - C:\Program Files\UniPrint\Client\SetDfltSettings.exe [204800 2009-06-12] (UniPrint, a division of GFI Business Solutions Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483420 2009-02-23] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [OA001Mon] - C:\WINDOWS\OA001Mon.exe [24576 2009-02-25] (Creative Technology Ltd.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1400832 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1206544 2010-07-19] (Intel® Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1386776 2011-06-23] (Logitech, Inc.)
HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [656384 2009-06-11] (Dell Inc.)
HKLM\...\Run: [ChangeTPMAuth] - C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe [184320 2009-06-03] (Wave Systems Corp.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AESTFltr] - C:\WINDOWS\system32\AESTFltr.exe [729088 2008-12-16] (Andrea Electronics Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [OfficeScanNT Monitor] - C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [959824 2010-08-13] (Trend Micro Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [ISUSPM] - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
HKCU\...\Run: [UniPrint] - C:\Program Files\UniPrint\Client\SetDfltSettings.exe [204800 2009-06-12] (UniPrint, a division of GFI Business Solutions Inc.)
HKCU\...\Run: [Weather] - C:\Program Files\AWS\WeatherBug\Weather.exe [1653760 2012-11-20] (AWS Convergence Technologies, Inc.)
MountPoints2: D - D:\Setup.exe
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC481240411F1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} http://www2.stlu.com/plugins/Plugin0501.0125/streetnoagent7.cab
DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} https://ssl-flx-can-cal-fw.shawcor.com/CSHELL/extender.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} http://intranet1/viewer/activeXViewer/activexviewer.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [293968 2009-04-27] (Dell Inc.)
S2 cpextender; C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe [355496 2011-10-18] (Check Point Software Technologies)
S2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812392 2009-06-26] (Broadcom Corporation)
S2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [26984 2009-06-26] (Broadcom Corporation)
S2 dcpsysmgrsvc; C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [376096 2009-07-16] (Dell Inc.)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-01-30] (SurfRight B.V.)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [170912 2013-03-06] (Oracle Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1316176 2010-07-28] (Trend Micro Inc.)
S2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [966656 2010-07-19] (Intel® Corporation)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1019904 2009-06-03] (Wave Systems Corp.)
S2 STacSV; c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe [254034 2009-02-23] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
S2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1622016 2009-06-11] (Wave Systems Corp.)
S2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1358160 2010-07-28] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-15] (Trend Micro Inc.)
S4 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [455632 2005-03-11] (RealVNC Ltd.)
S2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [364544 2010-07-19] (Intel® Corporation)
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) ====================

S3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [112512 2008-12-16] (Andrea Electronics Corporation)
S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [209176 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [147768 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22840 2013-09-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [534440 2008-05-21] (Broadcom Corporation.)
S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.)
S3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [991016 2008-08-07] (Broadcom Corporation.)
S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [156392 2007-09-20] (Broadcom Corporation.)
S3 btwmodem; C:\WINDOWS\System32\DRIVERS\btwmodem.sys [37032 2008-02-04] (Broadcom Corporation.)
S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [47272 2008-08-03] (Broadcom Corporation.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 cvusbdrv; C:\WINDOWS\System32\Drivers\cvusbdrv.sys [33832 2009-06-26] (Broadcom Corporation)
S3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [244368 2008-04-04] (Intel Corporation)
S3 LEqdUsb; C:\WINDOWS\System32\Drivers\LEqdUsb.Sys [42648 2011-04-30] (Logitech, Inc.)
S3 LHidEqd; C:\WINDOWS\System32\Drivers\LHidEqd.Sys [12184 2011-04-30] (Logitech, Inc.)
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [30360 2011-04-30] (Logitech, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [51416 2014-01-29] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw5x32; C:\WINDOWS\System32\DRIVERS\NETw5x32.sys [3630080 2008-06-26] (Intel Corporation)
S3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [6650752 2010-07-14] (Intel Corporation)
S2 NPF; C:\WINDOWS\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
S3 NuidFltr; C:\WINDOWS\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 OA001Afx; C:\WINDOWS\system32\Drivers\OA001Afx.sys [148056 2007-06-08] (Creative Technology Ltd.)
S3 OA001Ufd; C:\WINDOWS\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
S3 OA001Vid; C:\WINDOWS\System32\DRIVERS\OA001Vid.sys [280096 2009-03-09] (Creative Technology Ltd.)
R0 PBADRV; C:\WINDOWS\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S3 PTUMWBus; C:\WINDOWS\System32\DRIVERS\PTUMWBus.sys [54544 2010-07-20] (DEVGURU Co., LTD.)
S3 PTUMWCSP; C:\WINDOWS\System32\DRIVERS\PTUMWCSP.sys [160400 2010-07-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWFLT; C:\WINDOWS\System32\DRIVERS\PTUMWFLT.sys [11920 2010-07-20] (DEVGURU Co., LTD.)
S3 PTUMWMdm; C:\WINDOWS\System32\DRIVERS\PTUMWMdm.sys [160400 2010-07-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWNET; C:\WINDOWS\System32\DRIVERS\PTUMWNET.sys [115216 2010-07-20] (DEVGURU Co., LTD.)
S3 PTUMWNSP; C:\WINDOWS\System32\DRIVERS\PTUMWNSP.sys [160400 2010-07-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMWVsp; C:\WINDOWS\System32\DRIVERS\PTUMWVsp.sys [160400 2010-07-20] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [32408 2010-04-14] (Smith Micro Inc.)
S3 SRS_PremiumSound_Service; C:\WINDOWS\System32\drivers\srs_PremiumSound_i386.sys [232744 2009-03-24] ()
S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1545795 2009-02-23] (IDT, Inc.)
S2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [177232 2010-08-20] (Trend Micro Inc.)
S2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
S2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
S1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.)
S3 VNA; C:\WINDOWS\System32\DRIVERS\vna.sys [129304 2011-10-18] (Check Point Software Technologies)
S2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
S2 WavxDMgr; C:\WINDOWS\System32\DRIVERS\WavxDMgr.sys [208824 2009-06-12] (Wave Systems Corp.)
S4 IntelIde; No ImagePath
U3 tmpfw;
U3 TrueSight; \??\ [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-31 10:19 - 2014-01-31 10:19 - 00014966 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-01-31 10:15 - 2014-01-30 15:22 - 01137152 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-01-31 09:42 - 2014-01-31 09:42 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WeatherBug
2014-01-31 09:42 - 2014-01-31 09:42 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2014
2014-01-31 09:08 - 2014-01-31 08:07 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\Desktop\rkill.exe
2014-01-31 09:02 - 2014-01-31 09:02 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
2014-01-31 08:44 - 2014-01-31 08:55 - 00000000 ____D C:\AdwCleaner
2014-01-31 08:42 - 2014-01-31 08:42 - 00005200 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
2014-01-31 08:33 - 2014-01-31 08:33 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-31 08:32 - 2014-01-31 08:08 - 01166132 _____ C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
2014-01-31 08:32 - 2014-01-31 08:07 - 01037068 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2014-01-31 08:28 - 2014-01-31 09:11 - 00196392 _____ C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-01-30 15:33 - 2014-01-30 15:22 - 01137152 _____ (Farbar) C:\Documents and Settings\jhaner\Desktop\FRST.exe
2014-01-30 15:29 - 2014-01-31 10:19 - 00000000 ____D C:\FRST
2014-01-30 14:09 - 2014-01-30 14:09 - 00019740 _____ C:\Documents and Settings\jhaner\Desktop\attach.txt
2014-01-30 14:09 - 2014-01-30 14:09 - 00016334 _____ C:\Documents and Settings\jhaner\Desktop\dds.txt
2014-01-30 08:40 - 2014-01-30 08:40 - 00000402 _____ C:\rkill.log
2014-01-30 08:27 - 2014-01-30 08:27 - 00000000 ____D C:\Documents and Settings\jhaner\Application Data\AVG2014
2014-01-30 08:25 - 2014-01-30 08:25 - 00000702 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-01-30 08:25 - 2014-01-30 08:25 - 00000000 ____D C:\Documents and Settings\jhaner\Application Data\TuneUp Software
2014-01-30 08:25 - 2014-01-30 08:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-01-30 08:21 - 2014-01-30 08:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2014-01-30 08:21 - 2014-01-30 08:21 - 00000000 ___HD C:\$AVG
2014-01-30 08:20 - 2014-01-30 08:20 - 00000000 ____D C:\Program Files\AVG
2014-01-30 08:11 - 2014-01-30 08:11 - 06650752 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\NETwNx32.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 06278560 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igxpmp32.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 03630080 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\NETw5x32.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 01545795 _____ (IDT, Inc.) C:\WINDOWS\system32\Drivers\sthda.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00991016 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btkrnl.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00799744 _____ (Microsoft Corp., Veritas Software) C:\WINDOWS\system32\Drivers\dmboot.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00534440 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btaudio.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00492000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdf01000.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00456320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\update.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00361600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmuni.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00329752 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStor.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00280096 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\OA001Vid.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00272128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00262528 _____ (RAVISENT Technologies Inc.) C:\WINDOWS\system32\Drivers\cinemst2.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00244368 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\e1y5132.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00232744 _____ C:\WINDOWS\system32\Drivers\SRS_PremiumSound_i386.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00226880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip6.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00208824 _____ (Wave Systems Corp.) C:\WINDOWS\system32\Drivers\WavxDMgr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00203136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00196224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00187776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00182656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00177232 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00175744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kmixer.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00164180 _____ (Jungo) C:\WINDOWS\system32\Drivers\windrvr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00163584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwrdr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00160400 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\PTUMWVsp.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00160400 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\PTUMWNSP.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00160400 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\PTUMWMdm.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00160400 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\PTUMWCSP.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00156392 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwdndis.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00153344 _____ (Microsoft Corp., Veritas Software) C:\WINDOWS\system32\Drivers\dmio.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00152832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00148056 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\OA001Afx.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00146048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00144384 _____ (Windows ® Server 2003 DDK provider) C:\WINDOWS\system32\Drivers\hdaudbus.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00144128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00142592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\aec.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00141056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00139784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpwd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00138496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00133632 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\Drivers\OA001Ufd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00129792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00129304 _____ (Check Point Software Technologies) C:\WINDOWS\system32\Drivers\vna.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00125056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ftdisk.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00123008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00120192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcmcia.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00115216 _____ (DEVGURU Co., LTD.) C:\WINDOWS\system32\Drivers\PTUMWNET.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00112512 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\Drivers\AESTAud.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00109568 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcHdmi.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00096384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scsiport.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00092928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00092544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00091520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00089896 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwsecfl.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00089872 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmtdi.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00088320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkipx.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00085248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NABTSFEC.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdmaud.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WudfRd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00081664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\videoprt.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00080128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00079232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00077568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WudfPf.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipsec.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00073472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00071552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxg.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\psched.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00068224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00063744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mf.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00063744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00063232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnknb.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nic1394.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00061696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ohci1394.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sysaudio.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00060800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\arp1394.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmarpc.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00059520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00058112 _____ (RAVISENT Technologies Inc.) C:\WINDOWS\system32\Drivers\vdmindvd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00057600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00056576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swmidi.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00055936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkspx.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmlane.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00054544 _____ (DEVGURU Co., LTD.) C:\WINDOWS\system32\Drivers\PTUMWBus.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00053376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\1394bus.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00052864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\DMusic.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00052480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tosdvd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00050704 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00049536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\classpnp.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stream.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00048384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00047272 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwusb.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00045056 _____ (Apple, Inc.) C:\WINDOWS\system32\Drivers\usbaapl.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fips.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00042752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\p3.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00042648 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LEqdUsb.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00042368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00042112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\imapi.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00041240 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LHidFilt.Sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00040840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\termdd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00040320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nmnt.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00039936 _____ (REDC) C:\WINDOWS\system32\Drivers\rimmptsk.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00039064 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LMouFilt.Sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00038528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpdusb.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00037760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk7.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk6.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00037248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00037160 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btport.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00037032 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwmodem.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00036736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crusoe.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00036608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ip6fw.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00035072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpc.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00034688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00034560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00034432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rawwan.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00033832 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\cvusbdrv.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00032896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipfltdrv.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00032512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkfwd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00032224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfldr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00031360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmepvc.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00030848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00030592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00030360 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LUsbFilt.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00030336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00030080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccid.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00027392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fdc.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00027136 _____ (Research in Motion Ltd) C:\WINDOWS\system32\Drivers\RimSerial.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00026840 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00026608 _____ (Dell Inc) C:\WINDOWS\system32\Drivers\PBADRV.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00026368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbstor.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00025728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcamd2.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcamd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00025344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sonydcam.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00024960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00021896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdtcp.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00021376 _____ (Toshiba Corporation) C:\WINDOWS\system32\Drivers\tsbvcap.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vga.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00020864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipinip.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00020608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\system32\Drivers\secdrv.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00019712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSTCODEC.SYS.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdi.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00019072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00018688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdaudio.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00017792 _____ (Parallel Technologies, Inc.) C:\WINDOWS\system32\Drivers\ptilink.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CCDECODE.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00016512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspti.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00016400 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbintel.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00015744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00015488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssmbios.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\StreamIP.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbscan.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00014976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tape.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00014736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nuidfltr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\smclib.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\asyncmac.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\diskdump.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00014208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CmBatt.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00013952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cbidf2k.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00013952 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\s24trans.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwlnkflt.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunmp.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012184 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LHidEqd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012184 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LBeepKE.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsvga.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdpipe.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012032 _____ (S3/Diamond Multimedia Systems) C:\WINDOWS\system32\Drivers\riodrv.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012032 _____ (S3/Diamond Multimedia Systems) C:\WINDOWS\system32\Drivers\rio8drv.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012032 _____ (S3/Diamond Multimedia Systems) C:\WINDOWS\system32\Drivers\nikedrv.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00012032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00011920 _____ (DEVGURU Co., LTD.) C:\WINDOWS\system32\Drivers\PTUMWFLT.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00011904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffdisk.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00011776 _____ (Compaq Computer Corporation) C:\WINDOWS\system32\Drivers\cpqdap01.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00011648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpiec.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00011392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00011136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SLIP.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00011008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffp_sd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisIP.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00010496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00010496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxapi.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00010368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sffp_mmc.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\compbatt.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmiacpi.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00008832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00007936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mcd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00007552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSKSSRV.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00006784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serscan.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00006784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parvdm.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00006400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\enum1394.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\splitter.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00005888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00005888 _____ (Microsoft Corp., Veritas Software.) C:\WINDOWS\system32\Drivers\dmload.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSTEE.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00005376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPCLOCK.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00004992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSPQM.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00004352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmilib.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00004352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpcdd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mnmdd.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00004224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00003456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\oprghdlr.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00003328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgthk.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys.bak
2014-01-30 08:11 - 2014-01-30 08:11 - 00002944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys.bak
2014-01-30 08:08 - 2014-01-30 13:55 - 00000000 ____D C:\Documents and Settings\jhaner\Desktop\RK_Quarantine
2014-01-29 16:37 - 2014-01-29 16:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-01-29 16:32 - 2014-01-29 16:32 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-01-29 16:24 - 2014-01-30 12:00 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\Avg2014
2014-01-29 16:24 - 2014-01-30 08:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-29 16:24 - 2014-01-29 16:24 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\MFAData
2014-01-29 16:00 - 2014-01-29 16:00 - 00001282 _____ C:\WINDOWS\system32\.crusader
2014-01-29 15:49 - 2014-01-29 16:05 - 00001610 _____ C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-01-29 15:49 - 2014-01-29 15:49 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-01-29 15:45 - 2014-01-29 15:45 - 00000339 _____ C:\WINDOWS\LkmdfCoInst.log
2014-01-28 15:57 - 2014-01-29 15:49 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-28 15:56 - 2014-01-29 16:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-01-27 16:53 - 2014-01-28 16:45 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\bjw28zodb.odd
2014-01-27 16:52 - 2014-01-28 14:02 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\KB4037705
2014-01-27 10:09 - 2014-01-27 10:09 - 00000000 ____D C:\Documents and Settings\jhaner\Application Data\Optimizer Pro
2014-01-27 10:05 - 2014-01-27 10:05 - 00000000 ____D C:\Program Files\Lightspark 0.5.3-git
2014-01-27 10:05 - 2014-01-27 10:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Mobile App Sync
2014-01-27 10:05 - 2014-01-27 10:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Lightspark 0.5.3-git
2014-01-27 10:04 - 2014-01-27 10:05 - 00000000 ____D C:\Program Files\Mobile App Sync
2014-01-27 10:04 - 2014-01-27 10:04 - 00000513 _____ C:\Documents and Settings\jhaner\Desktop\WeatherBug.lnk
2014-01-27 10:04 - 2014-01-27 10:04 - 00000000 ____D C:\Program Files\AWS
2014-01-27 10:04 - 2014-01-27 10:04 - 00000000 ____D C:\Documents and Settings\jhaner\Start Menu\Programs\WeatherBug
2014-01-27 10:04 - 2014-01-27 10:04 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\WeatherBug
2014-01-27 10:04 - 2014-01-27 10:04 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\D2M
2014-01-27 10:04 - 2014-01-27 10:04 - 00000000 ____D C:\Documents and Settings\jhaner\Application Data\WeatherBug
2014-01-27 10:03 - 2014-01-27 10:03 - 00000737 _____ C:\Documents and Settings\jhaner\Desktop\Optimizer Pro.lnk
2014-01-27 10:02 - 2014-01-27 10:03 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\SearchProtect
2014-01-24 12:07 - 2014-01-24 12:07 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-24 12:06 - 2014-01-24 12:07 - 00000000 ___SD C:\32788R22FWJFW
2014-01-24 12:03 - 2014-01-24 12:03 - 00000946 _____ C:\Documents and Settings\jhaner\Desktop\Continue Zip Opener Installation.lnk
2014-01-24 11:53 - 2011-05-24 19:23 - 00007168 _____ C:\Documents and Settings\All Users\Application Data\Z@!-f9574697-c0c8-4759-8487-6a6074d13491.tmp
2014-01-23 16:33 - 2014-01-23 16:33 - 04157141 _____ C:\Documents and Settings\jhaner\My Documents\Copy of Account Manager-v2 1  AM- 2013 12 mos.xlsx
2014-01-22 15:06 - 2014-01-22 15:06 - 00000000 ____D C:\WINDOWS\system32\Wave Systems Corp
2014-01-20 17:32 - 2014-01-20 17:32 - 00015763 _____ C:\WINDOWS\KB2834886.log
2014-01-20 17:32 - 2014-01-20 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2014-01-20 17:32 - 2014-01-20 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2014-01-20 17:08 - 2014-01-20 17:08 - 00015410 _____ C:\WINDOWS\KB2900986.log
2014-01-20 17:08 - 2014-01-20 17:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2014-01-20 17:07 - 2014-01-20 17:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2014-01-20 17:06 - 2014-01-20 17:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2014-01-20 17:04 - 2014-01-20 17:06 - 00017446 _____ C:\WINDOWS\KB2898785-IE8.log
2014-01-20 17:03 - 2014-01-20 17:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-20 16:53 - 2014-01-20 16:53 - 00009547 _____ C:\WINDOWS\KB2862335.log
2014-01-20 16:53 - 2014-01-20 16:53 - 00008602 _____ C:\WINDOWS\KB2834904-v2.log
2014-01-20 16:53 - 2014-01-20 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2014-01-20 16:53 - 2014-01-20 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-01-20 16:52 - 2014-01-20 16:52 - 00008824 _____ C:\WINDOWS\KB2904266.log
2014-01-20 16:52 - 2014-01-20 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-20 16:52 - 2014-01-20 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2014-01-20 16:52 - 2014-01-20 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2014-01-20 16:51 - 2014-01-28 14:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2014-01-20 16:49 - 2014-01-20 16:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2014-01-20 16:39 - 2014-01-20 16:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2014-01-20 16:34 - 2014-01-20 16:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2014-01-20 16:16 - 2014-01-20 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2014-01-20 16:15 - 2014-01-20 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2014-01-20 16:15 - 2014-01-20 16:15 - 00009017 _____ C:\WINDOWS\KB2807986.log
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2014-01-20 16:10 - 2014-01-20 16:11 - 00008941 _____ C:\WINDOWS\KB2868038.log
2014-01-20 16:10 - 2014-01-20 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2014-01-20 16:10 - 2014-01-20 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2014-01-20 16:09 - 2014-01-23 14:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-20 16:08 - 2014-01-20 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-20 16:08 - 2014-01-20 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2014-01-18 15:41 - 2014-01-18 15:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2014-01-18 15:27 - 2014-01-18 15:27 - 00000000 __SHD C:\found.000
2014-01-17 16:13 - 2014-01-17 16:13 - 00001228 _____ C:\Documents and Settings\jhaner\Desktop\Ultra File Opener.lnk
2014-01-17 16:13 - 2014-01-17 16:13 - 00000000 ____D C:\Documents and Settings\jhaner\Start Menu\Programs\CompuClever
2014-01-17 16:13 - 2014-01-17 16:13 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\CompuClever
2014-01-17 16:13 - 2014-01-17 16:13 - 00000000 ____D C:\Documents and Settings\jhaner\Application Data\CompuClever
2014-01-17 12:00 - 2014-01-17 12:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2014-01-17 11:28 - 2014-01-17 11:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-17 11:27 - 2014-01-17 11:28 - 00004716 _____ C:\WINDOWS\KB2914368.log
2014-01-17 11:27 - 2014-01-17 11:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-17 11:18 - 2014-01-20 17:33 - 00023891 _____ C:\WINDOWS\KB2868626.log
2014-01-17 11:16 - 2014-01-20 17:08 - 00023230 _____ C:\WINDOWS\KB2847311.log
2014-01-17 11:15 - 2014-01-20 17:06 - 00024830 _____ C:\WINDOWS\KB2802968.log
2014-01-17 11:12 - 2014-01-20 17:03 - 00017081 _____ C:\WINDOWS\KB2898715.log
2014-01-17 11:10 - 2013-07-02 20:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2014-01-17 11:09 - 2014-01-20 16:53 - 00018115 _____ C:\WINDOWS\KB2780091.log
2014-01-17 11:09 - 2014-01-20 16:52 - 00015662 _____ C:\WINDOWS\KB2845187.log
2014-01-17 11:08 - 2014-01-20 16:52 - 00016005 _____ C:\WINDOWS\KB2876217.log
2014-01-17 11:07 - 2014-01-20 16:49 - 00015217 _____ C:\WINDOWS\KB2864063.log
2014-01-17 11:02 - 2014-01-20 16:39 - 00015494 _____ C:\WINDOWS\KB2862152.log
2014-01-17 11:00 - 2014-01-20 16:35 - 00014977 _____ C:\WINDOWS\KB2850869.log
2014-01-17 10:59 - 2014-01-20 16:16 - 00015494 _____ C:\WINDOWS\KB2859537.log
2014-01-17 10:59 - 2014-01-20 16:16 - 00014076 _____ C:\WINDOWS\KB2876331.log
2014-01-17 10:59 - 2013-02-11 18:32 - 00012928 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2014-01-17 10:58 - 2014-01-20 16:10 - 00015619 _____ C:\WINDOWS\KB2820917.log
2014-01-17 10:58 - 2014-01-20 16:10 - 00012707 _____ C:\WINDOWS\KB2893294.log
2014-01-17 10:58 - 2013-07-16 18:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2014-01-17 10:58 - 2013-07-16 18:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2014-01-17 10:58 - 2013-07-16 18:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2014-01-17 10:57 - 2014-01-20 16:09 - 00013944 _____ C:\WINDOWS\KB2893984.log
2014-01-17 10:57 - 2014-01-20 16:08 - 00013009 _____ C:\WINDOWS\KB2892075.log
2014-01-17 10:57 - 2013-08-08 18:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2014-01-17 10:57 - 2013-08-08 18:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2014-01-17 10:56 - 2014-01-18 15:43 - 00016087 _____ C:\WINDOWS\KB2813345.log
2014-01-17 10:27 - 2014-01-17 10:27 - 00028672 _____ C:\WINDOWS\system32\fjeeoht.tyl
2014-01-17 10:17 - 2014-01-30 13:53 - 00000082 _____ C:\WINDOWS\system32\aznto.umu
2014-01-17 10:17 - 2014-01-17 10:27 - 00000101 _____ C:\WINDOWS\system32\baqv.fcd
2014-01-17 10:17 - 2014-01-17 10:17 - 00000064 _____ C:\WINDOWS\system32\hjbe.stl
2014-01-17 10:01 - 2014-01-17 10:01 - 00101213 ____S C:\WINDOWS\system32\kusn.zvy
2014-01-03 10:55 - 2014-01-03 10:55 - 00098304 _____ C:\WINDOWS\Minidump\Mini010314-01.dmp

==================== One Month Modified Files and Folders =======

2014-01-31 10:19 - 2014-01-31 10:19 - 00014966 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-01-31 10:19 - 2014-01-30 15:29 - 00000000 ____D C:\FRST
2014-01-31 10:15 - 2009-11-17 04:11 - 00438466 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-31 10:12 - 2008-04-14 06:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-31 09:42 - 2014-01-31 09:42 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\WeatherBug
2014-01-31 09:42 - 2014-01-31 09:42 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2014
2014-01-31 09:42 - 2010-02-12 10:14 - 00000426 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{ACB40F4C-3AC9-4143-81DC-FE4B3D23F97E}.job
2014-01-31 09:42 - 2010-01-15 12:05 - 00000031 _____ C:\tmuninst.ini
2014-01-31 09:42 - 2009-11-17 13:55 - 00000000 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
2014-01-31 09:41 - 2011-03-04 11:34 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 09:41 - 2009-11-17 11:22 - 01092902 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-31 09:40 - 2009-11-17 11:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-31 09:40 - 2009-11-17 04:13 - 00000048 _____ C:\WINDOWS\wiaservc.log
2014-01-31 09:40 - 2009-11-17 04:12 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-31 09:39 - 2009-11-17 13:55 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2014-01-31 09:39 - 2009-11-17 11:25 - 00031842 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-31 09:39 - 2009-11-17 04:10 - 00000211 ___SH C:\boot.ini
2014-01-31 09:39 - 2008-04-14 06:00 - 00000582 _____ C:\WINDOWS\win.ini
2014-01-31 09:39 - 2008-04-14 06:00 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-31 09:38 - 2009-11-17 13:48 - 00000428 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{734054B0-7094-48BA-A941-59479B40EF68}.job
2014-01-31 09:23 - 2012-01-15 00:08 - 00181272 _____ C:\WINDOWS\RegBootClean.exe
2014-01-31 09:22 - 2010-06-10 07:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB980218$
2014-01-31 09:11 - 2014-01-31 08:28 - 00196392 _____ C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-01-27 10:05 - 2014-01-27 10:04 - 00000000 ____D C:\Program Files\Mobile App Sync
2014-01-27 10:04 - 2014-01-27 10:04 - 00000513 _____ C:\Documents and Settings\jhaner\Desktop\WeatherBug.lnk
2014-01-27 10:04 - 2014-01-27 10:04 - 00000000 ____D C:\Program Files\AWS
2014-01-27 10:04 - 2014-01-27 10:04 - 00000000 ____D C:\Documents and Settings\jhaner\Start Menu\Programs\WeatherBug
2014-01-27 10:04 - 2014-01-27 10:04 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\WeatherBug
2014-01-27 10:04 - 2014-01-27 10:04 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\D2M
2014-01-27 10:04 - 2014-01-27 10:04 - 00000000 ____D C:\Documents and Settings\jhaner\Application Data\WeatherBug
2014-01-27 10:03 - 2014-01-27 10:03 - 00000737 _____ C:\Documents and Settings\jhaner\Desktop\Optimizer Pro.lnk
2014-01-27 10:03 - 2014-01-27 10:02 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\SearchProtect
2014-01-27 09:42 - 2009-11-17 14:22 - 00002521 _____ C:\Documents and Settings\All Users\Desktop\Outlook 2007.lnk
2014-01-24 12:07 - 2014-01-24 12:07 - 00000000 ____D C:\WINDOWS\erdnt
2014-01-24 12:07 - 2014-01-24 12:06 - 00000000 ___SD C:\32788R22FWJFW
2014-01-24 12:03 - 2014-01-24 12:03 - 00000946 _____ C:\Documents and Settings\jhaner\Desktop\Continue Zip Opener Installation.lnk
2014-01-24 11:58 - 2013-03-06 10:46 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\AskToolbar
2014-01-23 16:33 - 2014-01-23 16:33 - 04157141 _____ C:\Documents and Settings\jhaner\My Documents\Copy of Account Manager-v2 1  AM- 2013 12 mos.xlsx
2014-01-23 14:54 - 2014-01-20 16:09 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2014-01-22 15:06 - 2014-01-22 15:06 - 00000000 ____D C:\WINDOWS\system32\Wave Systems Corp
2014-01-21 09:43 - 2013-12-02 12:30 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-20 17:39 - 2009-11-17 11:49 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2014-01-20 17:33 - 2014-01-17 11:18 - 00023891 _____ C:\WINDOWS\KB2868626.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00463536 _____ C:\WINDOWS\iis6.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00432809 _____ C:\WINDOWS\FaxSetup.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00206920 _____ C:\WINDOWS\ocgen.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00197470 _____ C:\WINDOWS\tsoc.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00142442 _____ C:\WINDOWS\comsetup.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00130730 _____ C:\WINDOWS\msmqinst.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00086396 _____ C:\WINDOWS\ntdtcsetup.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00075810 _____ C:\WINDOWS\netfxocm.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00029750 _____ C:\WINDOWS\MedCtrOC.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00023940 _____ C:\WINDOWS\ocmsn.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00021770 _____ C:\WINDOWS\tabletoc.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00021630 _____ C:\WINDOWS\msgsocm.log
2014-01-20 17:33 - 2012-02-17 03:00 - 00001809 _____ C:\WINDOWS\imsins.log
2014-01-20 17:33 - 2009-11-17 04:11 - 00267008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-20 17:32 - 2014-01-20 17:32 - 00015763 _____ C:\WINDOWS\KB2834886.log
2014-01-20 17:32 - 2014-01-20 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2014-01-20 17:32 - 2014-01-20 17:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2014-01-20 17:32 - 2012-02-17 03:01 - 00029303 _____ C:\WINDOWS\updspapi.log
2014-01-20 17:32 - 2012-02-17 03:00 - 00001809 _____ C:\WINDOWS\imsins.BAK
2014-01-20 17:30 - 2009-11-17 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-01-20 17:08 - 2014-01-20 17:08 - 00015410 _____ C:\WINDOWS\KB2900986.log
2014-01-20 17:08 - 2014-01-20 17:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2014-01-20 17:08 - 2014-01-17 11:16 - 00023230 _____ C:\WINDOWS\KB2847311.log
2014-01-20 17:07 - 2014-01-20 17:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2014-01-20 17:06 - 2014-01-20 17:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2802968$
2014-01-20 17:06 - 2014-01-20 17:04 - 00017446 _____ C:\WINDOWS\KB2898785-IE8.log
2014-01-20 17:06 - 2014-01-17 11:15 - 00024830 _____ C:\WINDOWS\KB2802968.log
2014-01-20 17:03 - 2014-01-20 17:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2014-01-20 17:03 - 2014-01-17 11:12 - 00017081 _____ C:\WINDOWS\KB2898715.log
2014-01-20 16:53 - 2014-01-20 16:53 - 00009547 _____ C:\WINDOWS\KB2862335.log
2014-01-20 16:53 - 2014-01-20 16:53 - 00008602 _____ C:\WINDOWS\KB2834904-v2.log
2014-01-20 16:53 - 2014-01-20 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2014-01-20 16:53 - 2014-01-20 16:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-01-20 16:53 - 2014-01-17 11:09 - 00018115 _____ C:\WINDOWS\KB2780091.log
2014-01-20 16:52 - 2014-01-20 16:52 - 00008824 _____ C:\WINDOWS\KB2904266.log
2014-01-20 16:52 - 2014-01-20 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2014-01-20 16:52 - 2014-01-20 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2014-01-20 16:52 - 2014-01-20 16:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2014-01-20 16:52 - 2014-01-17 11:09 - 00015662 _____ C:\WINDOWS\KB2845187.log
2014-01-20 16:52 - 2014-01-17 11:08 - 00016005 _____ C:\WINDOWS\KB2876217.log
2014-01-20 16:52 - 2009-11-17 13:23 - 00049466 _____ C:\WINDOWS\system32\TZLog.log
2014-01-20 16:49 - 2014-01-20 16:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2014-01-20 16:49 - 2014-01-17 11:07 - 00015217 _____ C:\WINDOWS\KB2864063.log
2014-01-20 16:39 - 2014-01-20 16:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2014-01-20 16:39 - 2014-01-17 11:02 - 00015494 _____ C:\WINDOWS\KB2862152.log
2014-01-20 16:35 - 2014-01-17 11:00 - 00014977 _____ C:\WINDOWS\KB2850869.log
2014-01-20 16:34 - 2014-01-20 16:34 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2014-01-20 16:16 - 2014-01-20 16:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2014-01-20 16:16 - 2014-01-20 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2014-01-20 16:16 - 2014-01-17 10:59 - 00015494 _____ C:\WINDOWS\KB2859537.log
2014-01-20 16:16 - 2014-01-17 10:59 - 00014076 _____ C:\WINDOWS\KB2876331.log
2014-01-20 16:15 - 2014-01-20 16:15 - 00009017 _____ C:\WINDOWS\KB2807986.log
2014-01-20 16:15 - 2014-01-20 16:15 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2014-01-20 16:15 - 2009-11-17 12:29 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2014-01-20 16:11 - 2014-01-20 16:10 - 00008941 _____ C:\WINDOWS\KB2868038.log
2014-01-20 16:10 - 2014-01-20 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2014-01-20 16:10 - 2014-01-20 16:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2014-01-20 16:10 - 2014-01-17 10:58 - 00015619 _____ C:\WINDOWS\KB2820917.log
2014-01-20 16:10 - 2014-01-17 10:58 - 00012707 _____ C:\WINDOWS\KB2893294.log
2014-01-20 16:09 - 2014-01-17 10:57 - 00013944 _____ C:\WINDOWS\KB2893984.log
2014-01-20 16:08 - 2014-01-20 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2014-01-20 16:08 - 2014-01-20 16:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2014-01-20 16:08 - 2014-01-17 10:57 - 00013009 _____ C:\WINDOWS\KB2892075.log
2014-01-18 15:43 - 2014-01-17 10:56 - 00016087 _____ C:\WINDOWS\KB2813345.log
2014-01-18 15:41 - 2014-01-18 15:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2014-01-18 15:33 - 2012-01-31 16:33 - 00001011 _____ C:\WINDOWS\TMFilter.log
2014-01-18 15:27 - 2014-01-18 15:27 - 00000000 __SHD C:\found.000
2014-01-17 16:13 - 2014-01-17 16:13 - 00001228 _____ C:\Documents and Settings\jhaner\Desktop\Ultra File Opener.lnk
2014-01-17 16:13 - 2014-01-17 16:13 - 00000000 ____D C:\Documents and Settings\jhaner\Start Menu\Programs\CompuClever
2014-01-17 16:13 - 2014-01-17 16:13 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\CompuClever
2014-01-17 16:13 - 2014-01-17 16:13 - 00000000 ____D C:\Documents and Settings\jhaner\Application Data\CompuClever
2014-01-17 12:00 - 2014-01-17 12:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2014-01-17 11:44 - 2009-11-17 12:35 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2014-01-17 11:35 - 2014-01-17 11:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-17 11:28 - 2014-01-17 11:27 - 00004716 _____ C:\WINDOWS\KB2914368.log
2014-01-17 11:27 - 2014-01-17 11:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-17 10:27 - 2014-01-17 10:27 - 00028672 _____ C:\WINDOWS\system32\fjeeoht.tyl
2014-01-17 10:27 - 2014-01-17 10:17 - 00000101 _____ C:\WINDOWS\system32\baqv.fcd
2014-01-17 10:22 - 2013-02-15 15:11 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-17 10:17 - 2014-01-17 10:17 - 00000064 _____ C:\WINDOWS\system32\hjbe.stl
2014-01-17 10:01 - 2014-01-17 10:01 - 00101213 ____S C:\WINDOWS\system32\kusn.zvy
2014-01-13 15:14 - 2011-09-22 10:10 - 00000000 ____D C:\Documents and Settings\jhaner\My Documents\expenses
2014-01-07 15:45 - 2012-07-10 13:07 - 00000000 ____D C:\Documents and Settings\jhaner\Local Settings\Application Data\Google
2014-01-06 16:20 - 2009-11-17 13:24 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-03 11:01 - 2013-07-08 12:22 - 00000000 ____D C:\Documents and Settings\jhaner\Application Data\HpUpdate
2014-01-03 10:55 - 2014-01-03 10:55 - 00098304 _____ C:\WINDOWS\Minidump\Mini010314-01.dmp
2014-01-03 10:55 - 2012-09-26 12:35 - 00000000 ____D C:\WINDOWS\Minidump

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\flxadmin\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\jbarnes\Local Settings\Temp\WinZip.exe
C:\Documents and Settings\jhaner\Local Settings\Temp\GoogleToolbarStandaloneSetup_7_4_3230_2052_en32.exe
C:\Documents and Settings\jhaner\Local Settings\Temp\ICReinstall_ZipOpenerSetup[1].exe
C:\Documents and Settings\jhaner\Local Settings\Temp\install_reader11_en_gtba_chra_dy_aih[1].exe
C:\Documents and Settings\jhaner\Local Settings\Temp\jre-6u33-windows-i586-iftw.exe
C:\Documents and Settings\jhaner\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\jhaner\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\jhaner\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\jhaner\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\jhaner\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\jhaner\Local Settings\Temp\setup.exe
C:\Documents and Settings\jhaner\Local Settings\Temp\System.Data.SQLite.dll
C:\Documents and Settings\jhaner\Local Settings\Temp\System.Data.SQLite12721.dll


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2008-04-14 06:00] - [2009-02-09 06:10] - 0401408 ____A (Microsoft Corporation) fc83fc2ec539af1e8c07478b1abc4d6e

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

[Addition Log]

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-01-2014 01
Ran by flxadmin at 2014-01-31 10:20:12
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

AV: Trend Micro Client/Server Security Agent Antivirus (Disabled - Up to date) {E65FBE49-311D-4AEC-8D9D-24BFC4C8AE9D}
AV: Trend Micro Client/Server Security Agent Antivirus (Disabled - Up to date) {93353F2B-6D1F-4A44-8581-DC5235A2FC0A}
FW: Trend Micro Client-Server Security Agent Firewall (Disabled) {93353F2B-6D1F-4A44-8581-DC5235A2FC0A}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.6.602.168 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (Version: 14.0.3684 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
Bing Bar (Version: 7.3.124.0 - Microsoft Corporation)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (Version:  - Browsersafeguard) <==== ATTENTION
BS32MMWrapper (Version: 1.6.326.57 - Broadcom Corporation) Hidden
Check Point SSL Network Extender (Version: 7.01.0000 - CheckPoint)
Cisco WebEx Meetings (Version:  - Cisco WebEx LLC)
Combined Community Codec Pack 2009-09-09 (Version: 2009.09.09.0 - CCCP Project)
DCP32MMWrapper (Version: 1.6.326.57 - Broadcom Corporation) Hidden
Dell Control Point (Version: 1.6.326.57 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (Version: 1.6.326.57 - Dell Inc.)
Dell ControlPoint System Manager (Version: 1.3.00000 - Dell Inc.)
Dell ControlVault Host Components Installer (Version: 1.7.324.55 - Broadcom Corporation) Hidden
Dell Embassy Trust Suite by Wave Systems (Version: 03.04.00.062 - Wave Systems Corp) Hidden
Dell Resource CD (Version: 1.00.0000 - Dell Inc.)
Dell Security Device Driver Pack (Version: 1.3.039 - Dell Inc.)
Document Manager Lite (Version: 06.09.00.104 - Wave Systems Corp.) Hidden
EMBASSY Security Center (Version: 03.09.00.092 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 03.09.00.102 - Wave Systems Corp) Hidden
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESC Home Page Plugin (Version: 03.04.00.029 - Wave Systems Corp) Hidden
Gemalto (Version: 01.01.00.0000 - Wave Systems Corp) Hidden
Google Chrome (Version: 32.0.1700.102 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HitmanPro 3.7 (Version: 3.7.9.212 - SurfRight B.V.)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (Version: 12.3.4.0 - HP)
IDT Audio (Version: 1.0.6159.0 - IDT)
Integrated Webcam Driver (1.06.03.0309)   (Version: 1.06.03.0309 - Creative Technology Ltd.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Graphics Media Accelerator Driver (Version:  - Intel Corporation)
Intel® Network Connections Drivers (Version:  - )
Intel® PROSet/Wireless WiFi Software (Version: 13.03.0000 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 17 (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Learn.com Player (Uninstall Only) (Version:  - )
Lightspark 0.5.3-git (Version: 0.5.3-git - Lightspark Team)
Logitech SetPoint 6.30 (Version: 6.30.43 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access 2003 Runtime (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.190 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile App Sync (Version:  - Mobile App Sync)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (Version: 6.00.3883.8 - Microsoft Corporation) Hidden
NetWaiting (Version: 2.5.54 - BVRP Software, Inc)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
PANTECH USB Modem V2 (Version: 1.2.7000.720 - PANTECH CO.,LTD)
PowerDVD DX (Version: 8.2.5408 - CyberLink Corp.)
Preboot Manager (Version: 02.09.00.071 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 06.04.00.047 - Wave Systems Corp.) Hidden
RICOH R5C83x/84x Media Driver Ver.3.53.02 (Version: 3.53.02 - )
Security Wizards (Version: 01.07.00.016 - Your Company Name) Hidden
Skype Toolbars (Version: 5.5.7896 - Skype Technologies S.A.)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
SO32MMWrapper (Version: 1.6.326.57 - Broadcom Corporation) Hidden
SRS Premium Sound (Version: 1.08.1400 - SRS Labs, Inc.)
TOSHIBA e-STUDIO AddressBook Viewer (Version: 1.08.000 - TOSHIBA TEC CORPORATION)
TOSHIBA e-STUDIO File Downloader (Version: 1.09.000 - TOSHIBA TEC CORPORATION)
TOSHIBA e-STUDIO Remote Scan driver (Version: 1.08.000 - TOSHIBA TEC CORPORATION)
TOSHIBA e-STUDIO TWAIN Driver (Version: 1.08.000 - TOSHIBA TEC CORPORATION)
Trend Micro Client/Server Security Agent (Version: 16.0.4148 - Trend Micro)
Trusted Drive Manager (Version: 3.1.0.116 - Wave Systems Corp.) Hidden
tsp patch (Version: 01.00.00.0000 - Wave Systems Corp) Hidden
UniPrint Client 4.0 (Version: 4.0.6 - UniPrint, a division of GFI Business Solutions Inc.)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Verizon Wireless UM190 Firmware Updates (Version: 1.0.3 - Smith Micro Software, Inc.)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VNC Free Edition 4.1.1 (Version: 4.1.1 - RealVNC Ltd.)
VZAccess Manager (Version: 7.3.15.0 - Smith Micro Software Inc.)
Wave Infrastructure Installer (Version: 07.00.21.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.046 - Wave Systems Corp) Hidden
WeatherBug (Version: 7.0.0.11 - Earth Networks, Inc.)
WebEx Productivity Tools (Version: 2.0.1101 - WebEx Communications Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WIDCOMM Bluetooth Software (Version: 5.5.0.3208 - Dell)
Win2PDF 3.0.1 (Version: 3.0.1 - Dane Prairie Systems, LLC.)
Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5 - Dell Inc.)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
WinPcap 4.1.1 (Version: 4.1.0.1753 - CACE Technologies)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2008-04-14 06:00 - 2008-04-14 06:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{734054B0-7094-48BA-A941-59479B40EF68}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{ACB40F4C-3AC9-4143-81DC-FE4B3D23F97E}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check WMI.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

System error 1084 has occurred.

This service cannot be started in Safe Mode


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 1999.83 MB
Available physical RAM: 1724.08 MB
Total Pagefile: 3895.28 MB
Available Pagefile: 3829.51 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.69 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.23 GB) (Free:11.72 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HP OJ8600) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS
Drive e: (HITMANPRO) (Removable) (Total:7.44 GB) (Free:7.41 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 119 GB) (Disk ID: A42D04A3)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 6974DB7D)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================
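
The FRST output above closes with a check that hashes a short list of system binaries and prints "MD5 is legit" for the ones on its known-good list; rpcss.dll got no verdict, only its hash, which is why the tool tells the reader to look the hash up. The script below is an added example and is not part of FRST or of anyone's post in this thread. It parses a handful of lines retyped from the log above (a constructed sample) and flags two things FRST leaves to the reader: files in system32 with extensions Windows would not normally put there, and files in the hash check that were not marked legit. The extension list and the wording of the findings are the example's own assumptions. The company name FRST shows in parentheses comes from the file's version resource, not from a signature check, so a missing name is a first-pass filter rather than proof.

```python
"""Triage a few FRST log lines: added example, not part of FRST or this thread."""
import re
from typing import List, Optional, Tuple

# Constructed sample, retyped from the FRST output above. The paths and the
# rpcss.dll hash are the ones shown in the log; nothing was read from a live host.
SAMPLE_LOG = """\
2014-01-30 08:11 - 2014-01-30 08:11 - 00004224 _____ (Microsoft Corporation) C:\\WINDOWS\\system32\\Drivers\\beep.sys.bak
2014-01-29 16:32 - 2014-01-29 16:32 - 00051416 _____ (Malwarebytes Corporation) C:\\WINDOWS\\system32\\Drivers\\mbamchameleon.sys
2014-01-29 16:00 - 2014-01-29 16:00 - 00001282 _____ C:\\WINDOWS\\system32\\.crusader
2014-01-24 12:07 - 2014-01-24 12:06 - 00000000 ___SD C:\\32788R22FWJFW
2014-01-17 10:27 - 2014-01-17 10:27 - 00028672 _____ C:\\WINDOWS\\system32\\fjeeoht.tyl
2014-01-17 10:27 - 2014-01-17 10:17 - 00000101 _____ C:\\WINDOWS\\system32\\baqv.fcd
2014-01-17 10:01 - 2014-01-17 10:01 - 00101213 ____S C:\\WINDOWS\\system32\\kusn.zvy

==================== Bamital & volsnap Check =================

C:\\WINDOWS\\explorer.exe => MD5 is legit
C:\\WINDOWS\\system32\\svchost.exe => MD5 is legit
C:\\WINDOWS\\system32\\rpcss.dll
[2008-04-14 06:00] - [2009-02-09 06:10] - 0401408 ____A (Microsoft Corporation) fc83fc2ec539af1e8c07478b1abc4d6e
C:\\WINDOWS\\system32\\Drivers\\volsnap.sys => MD5 is legit

==================== End Of Log ============================
"""

# One file entry as FRST prints it:
#   <modified> - <created> - <size> <attrs> [(<company>)] <path>
# The parenthesised company is version-resource text, not an Authenticode
# result; a dropper can copy it, so its absence is only a cheap first filter.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Second line FRST prints for a file that failed its hash whitelist:
#   [created] - [modified] - <size> <attrs> [(<company>)] <md5>
HASH_LINE = re.compile(
    r"^\[[^\]]*\] - \[[^\]]*\] - \d+ [_A-Z]+ (?:\([^)]*\) )?(?P<md5>[0-9a-f]{32})$"
)
LEGIT_SUFFIX = " => MD5 is legit"
BAMITAL_HEADER = "==================== Bamital & volsnap Check"

# Extensions normally present under system32 on an XP SP3 install
# (the example's own list; extend it for the host being examined).
EXPECTED_SYSTEM32_EXT = {".exe", ".dll", ".sys", ".ocx", ".cpl", ".drv",
                         ".ax", ".log", ".dat", ".ini", ".inf", ".txt"}

Finding = Tuple[str, str]  # (path, reason)


def _extension(path: str) -> str:
    """Lower-cased extension, or '' for names such as '.crusader' that have no stem."""
    name = path.rsplit("\\", 1)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def scan_file_entries(lines: List[str]) -> List[Finding]:
    """Flag system32 files whose extension is not one Windows would normally carry."""
    findings: List[Finding] = []
    for line in lines:
        m = FILE_LINE.match(line)
        if not m or "D" in m["attrs"]:  # skip non-entries and directories
            continue
        path = m["path"]
        if "\\system32\\" not in path.lower():
            continue
        ext = _extension(path) or "(none)"
        if ext in EXPECTED_SYSTEM32_EXT:
            continue
        if m["company"]:
            reason = (f"extension {ext} is unusual in system32; version info says "
                      f"{m['company']}, find out which tool wrote it")
        else:
            reason = f"extension {ext} is unusual in system32 and the file carries no company name"
        findings.append((path, reason))
    return findings


def scan_md5_check(lines: List[str]) -> List[Finding]:
    """Report files in FRST's hash check that did not get the 'MD5 is legit' verdict."""
    findings: List[Finding] = []
    in_section = False
    pending: Optional[str] = None
    for line in lines:
        if line.startswith(BAMITAL_HEADER):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("===================="):  # next section or End Of Log
            break
        if line.endswith(LEGIT_SUFFIX):
            pending = None
            continue
        if re.match(r"^[A-Za-z]:\\", line):
            pending = line.strip()  # the hash, and so the verdict, comes on the next line
            continue
        hm = HASH_LINE.match(line)
        if hm and pending:
            findings.append((pending, f"MD5 {hm['md5']} is not on FRST's known-good list; "
                                      "compare it with a trusted copy of the same file version "
                                      "from install media or a clean host"))
            pending = None
    return findings


def triage(log_text: str) -> List[Finding]:
    lines = log_text.splitlines()
    return scan_file_entries(lines) + scan_md5_check(lines)


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}\n    {reason}")
```

Run against the sample it reports the four odd-extension files in system32, the renamed beep.sys.bak copy, and rpcss.dll from the hash check, while leaving the Malwarebytes driver, the whitelisted binaries and the bare directory entry alone. Feed it a real FRST.txt with `triage(open(path, encoding="utf-8", errors="replace").read())`.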



#7 JSntgRvr (Malware Response Team)
Posted 31 January 2014 - 05:45 PM

Download the enclosed file.

Save it in the same location FRST is.

Run FRST and click on the Fix button. Wait until finished.

Type the following in the edit box on FRST, after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click the Search button and post the logs (Search.txt and Fixlog.txt) the tool will make in the same location FRST is, in your next reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 RajunCajun (Topic Starter)
Posted 03 February 2014 - 10:07 AM

I ran FRST as advised. I'm attaching the logs generated. The laptop still locks up when booting normally. Hopefully this will resolve itself once the infection is cleared up.

Attached Files



#9 JSntgRvr (Malware Response Team)
Posted 03 February 2014 - 01:13 PM

Download the enclosed file.

Save it in the same location FRST is.

Run FRST and click on the Fix button. Wait until finished.

The tool will make a log (Fixlog.txt). Please post it in your reply.

Download and install Windows Repair:
http://www.techspot.com/downloads/5314-tweaking-windows-repair.html

When Windows Repair opens, click the Start Repairs tab. Click Start. Unselect all the boxes except for the following:

- Reset Registry Permissions
- Reset File Permissions
- Repair WMI
- Repair Windows Firewall

Then click Start. Once it's finished, restart your computer and Test.

 

Let me know how is it doing.
 


Edited by JSntgRvr, 03 February 2014 - 01:27 PM.



#10 JSntgRvr (Malware Response Team)

Posted 03 February 2014 - 01:27 PM

Please note:

Post #9 edited.




#11 RajunCajun (Topic Starter)

Posted 03 February 2014 - 02:35 PM

I got mixed results. I ran FRST from safe mode and it completed. I tried to run Windows Repair while in safe mode. I couldn't expand the window enough to get the start button to show so I could run the program after changing the settings. I booted normally and ran the scan. I rebooted and it hasn't made much of a difference since Windows is still freezing up after a minute or so. It seems that when I attempt to run a program this is about when Windows freezes on me. I hit control+alt+delete and hit shutdown. It is now completely locked up. I can move the mouse and that's it. Windows never shut down, nor did a shutdown menu pop up (Shutdown/Restart/Sleep). Gotta power off the laptop to shut it down.

I'd like to find the lil twerp(s) that wrote this virus. I've got a few things I'd like to do to them that would make Saddam Hussein cringe.

FRST LOG FILE:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
Ran by flxadmin at 2014-02-03 12:35:13 Run:2
Running from C:\Documents and Settings\Administrator\Desktop\FRST
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
Start
Replace: C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll C:\WINDOWS\system32\rpcss.dll
End


*****************

C:\WINDOWS\system32\rpcss.dll => Moved successfully.
C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll copied successfully to C:\WINDOWS\system32\rpcss.dll

==== End of Fixlog ====



#12 RajunCajun (Topic Starter)

Posted 03 February 2014 - 02:39 PM

I can boot normally and into safe mode. If I try to boot into safe mode with networking it will blue screen and restart.



#13 JSntgRvr (Malware Response Team)

Posted 03 February 2014 - 06:11 PM

Run the following application in Normal Mode:

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log into your reply.

Edited by JSntgRvr, 03 February 2014 - 06:56 PM.



#14 RajunCajun (Topic Starter)

Posted 04 February 2014 - 09:39 AM

Results of FSS scan:

Farbar Service Scanner Version: 02-02-2014
Ran by flxadmin (administrator) on 04-02-2014 at 08:32:14
Running from "E:\"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0A00000005000000010000000200000003000000040000000A00000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****
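
The FSS log above is read by eye, but the same three findings it surfaces (a firewall disabled by policy, a stopped service, and File Check hashes that do not match) can be pulled out mechanically. The parser below is an added example for this thread, not part of FSS, FRST or the original posts; the sample log is constructed from the layout posted above, and the helper name `parse_fss` is my own.

```python
"""Parse a Farbar Service Scanner (FSS) log into findings a responder can act on.
Added example for this thread, not part of FSS, FRST or the original posts;
the sample log is constructed from the layout posted above, parse_fss is my own."""
import re

# Constructed sample: same layout as the posted log, with one File Check line
# altered to show a non-matching hash (wording is mine, not real FSS output).
SAMPLE_FSS_LOG = r"""
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=DWORD:0

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.

File Check:
========
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 does not match (constructed)
**** End of log ****
"""

def parse_fss(text):
    """Return a dict with firewall_policy_disabled (bool), stopped_services
    (service names) and unverified_files (File Check paths whose result is
    anything other than the exact phrase 'MD5 is legit')."""
    findings = {"firewall_policy_disabled": False,
                "stopped_services": [], "unverified_files": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "*"}:
            continue                       # blank lines and ruler lines
        m = re.match(r"^(\S+) Service is not running", line)
        if m:                              # e.g. wscsvc (Security Center)
            findings["stopped_services"].append(m.group(1))
            continue
        if line.endswith(":"):
            section = line[:-1]            # e.g. "File Check"
            continue
        if section == "Firewall Disabled Policy" and \
                re.search(r'"EnableFirewall"=DWORD:0\b', line):
            findings["firewall_policy_disabled"] = True
        elif section == "File Check" and " => " in line:
            path, _, result = line.partition(" => ")
            if result != "MD5 is legit":
                findings["unverified_files"].append(path)
    return findings
```

Run against the real FSS.txt, the same function reports the disabled-firewall policy and the stopped wscsvc service seen in the log above, and an empty unverified_files list, since every File Check entry there reads "MD5 is legit".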



#15 JSntgRvr (Malware Response Team)

Posted 04 February 2014 - 11:41 AM

Re-scan with FRST. This time around put a checkmark under Addition.txt and click on the Scan button. Post the new FRST.txt and Addition.txt logs.

Any improvement?






