Cannot log into Windows 7 Pro, get a black screen


  • This topic is locked
115 replies to this topic

#1 icub4ucme


Posted 12 February 2014 - 12:09 PM

  1. I do not know the name of this virus but it seems to be a rootkit type.
  2. I tried to log into Windows 7 Pro and got a black screen. Originally I got an error that the file SndVolSSO.DLL was not designed to run on Windows or there was an error and to reinstall the file. I used a recovery or repair disk to get to the recovery environment and followed the instructions.
  3. I might note that the file SndVolSSO.DLL disappeared and has been replaced by one that states this file d3dio_1core.dll was not designed to run on Windows or there was an error and to reinstall the file. This d3dio_1core.dll error came up after I restored my system and got the limited functionality when I finally did log in.

 

  1. We ran sfc /scannow and it said there were files that were fixed and some that were corrupted, but it could not fix all of them and said there was a log in CBS, which we saved. We ran it as this: sfc /scannow /offbootdir=C:\ /offwindir=C:\windows and that made it scan correctly, he thought, for some files, but he still got the same message after the scan that some files could not be fixed, and saved the CBS log file.
  2. Did the start up repair and got the message that it could not find any problems in the start up files.
  3. I have an error that appears when I log into my desktop that says unable to find local data files. I get this coming up anytime I try to open my browser, which is Chrome. It would not reinstall. I can run Internet Explorer without too much trouble but it crashes whenever I try to do too much, like save a bookmark or open too many tabs. There are a few other things we noticed and listed them below. I am not considered to be an advanced user by any means. A friend who is much more knowledgeable than I am has been helping me but he is stumped by this activity and I fear that he and I may have messed things up more than corrected them. I will leave this to your expertise and do as you advise. Hope you can help. Below is a list of some things we noticed going haywire.
  4. An error comes up in a dialogue box saying the device driver software was not successfully installed. I got this when I logged in a second time with my flash drive loaded, but he said he can see the device in Windows Explorer and all the folders in it and it appears to work OK. I have other errors that state unable to load local data files. He did a screen shot of those 2 errors if you need to see them.
  5. In my Programs and Features most of the programs in the add/remove programs are grayed out. When I try to run one of them I get the same unable to find local data files.
  6. Task Manager seems to be acting different; for instance, it is set to stay on top of all other windows and it does not.
  7. I have no documents. I click to open it and nothing opens.
  8. It has knocked out my printer.
  9. He tried to run a command to fix the registry entry but there was no listing for that registry item. The command was REG LOAD HKLM\Tempsoft :\Windows\System32\config\software enter and got nothing. I checked the registry and there was no entry that I could modify the userinit value.
  10. He tried to run Tweaking.com registry back up and it gave me an error that the computer name info was different from the back up and it would be dangerous to run it, so he did not. He checked the system from the control panel to see if the name had been changed, but it had not, but it doesn’t show the processors or the RAM or the system rating, which he attributed to the local data files missing issue.
  11. I cannot search from the start bar or in Windows Explorer.
  12. Errors stating cannot access the windows management instrumentation software.  Windows management files may be moved or missing.
  13. The machine doesn’t seem to be running any slower.
  14. Windows firewall is running
  15. I hope you can help me out. I will leave this alone until I hear from you. DDS file follows and the other is attached.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428
Run by Administrator II at 9:32:22 on 2014-02-12
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\CISVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Belkin\F9L1109\v1\WifiSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\System32\dinotify.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\EMET 4.1\EMET_Agent.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Toolwiz Time Freeze 2014\ToolwizTimeFreeze.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Belkin\F9L1109\v1\EzWPSUI.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
uRun: [EDFAE84CC54EBD3E315F531AD785D999B5289078._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [ToolwizTimeFreeze] "c:\program files\toolwiz time freeze 2014\ToolwizTimeFreeze.exe" -autorun
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [EMET 4.1 Agent] "c:\program files\emet 4.1\EMET_agent.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ac950.lnk - c:\program files\belkin\f9l1109\v1\EzWPSUI.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: DisableStartupSound = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{561F6DE5-0C1F-4FCD-85B0-7EBBB7426627} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{698B052E-D34C-492E-B928-C2D05105F967} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{698B052E-D34C-492E-B928-C2D05105F967} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-02-12 13:00:00 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2c49e6a0-6d55-41f1-bae1-74cfae62e722}\offreg.dll
2014-02-12 06:38:05 -------- d-----w- C:\FRST
2014-02-11 16:15:36 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2c49e6a0-6d55-41f1-bae1-74cfae62e722}\mpengine.dll
2014-02-11 00:33:21 -------- d-----w- C:\command line toolkit
2014-02-10 22:37:14 -------- d-----w- c:\program files\NT Registry Optimizer
2014-02-08 13:00:45 -------- d---a-w- C:\cce_linux
2014-01-27 12:26:25 33040 ----a-w- c:\windows\system32\drivers\TWZFILE.sys
2014-01-27 12:26:24 66704 ----a-w- c:\windows\system32\drivers\TWZDISK.sys
2014-01-27 12:26:23 -------- d-----w- C:\TOOLWIZTIMEFREEZE
2014-01-27 12:26:23 -------- d-----w- c:\program files\Toolwiz Time Freeze 2014
2014-01-24 05:20:57 -------- d-----w- c:\program files\Defraggler
2014-01-23 07:41:01 -------- d-----w- c:\program files\SecurityXploded
2014-01-22 12:20:52 -------- d-----w- c:\program files\Tweaking.com
2014-01-21 08:18:44 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-21 08:12:39 -------- d-----w- c:\program files\EMET 4.1
2014-01-19 22:37:15 -------- d-----w- c:\users\administrator ii\appdata\local\HP
2014-01-18 04:07:20 -------- d-----w- c:\users\administrator ii\appdata\local\Adobe
2014-01-16 23:41:27 -------- d-----w- c:\users\administrator ii\appdata\local\Programs
2014-01-16 23:41:06 216064 ----a-w- c:\windows\system32\gcapi_dll.dll
2014-01-15 17:49:01 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 17:49:00 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 17:49:00 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 17:49:00 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 17:49:00 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 17:49:00 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 17:49:00 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 17:49:00 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 04:35:38 -------- d-----w- c:\program files\PrivaZer
2014-01-14 14:39:50 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2014-02-10 06:25:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-10 06:25:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-25 04:59:33 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-25 04:59:33 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-25 04:59:33 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-25 04:59:32 43152 ----a-w- c:\windows\avastSS.scr
2014-01-19 16:00:59 86608 ----a-w- c:\windows\system32\drivers\arcsas.sys.bak
2014-01-16 16:59:46 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-18 15:45:53 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-12 14:57:26 403440 ----a-w- c:\windows\system32\drivers\mksosdpz.sys
2013-11-30 08:19:12 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-11-30 08:19:12 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-11-26 10:03:02 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 10:03:02 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-26 10:03:01 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 10:03:01 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-26 10:03:01 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-26 10:03:00 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-26 10:03:00 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 10:03:00 337408 ----a-w- c:\windows\system32\html.iec
2013-11-26 10:02:59 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-26 10:02:59 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-26 10:02:59 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-26 10:02:59 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-26 10:02:59 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-26 10:02:58 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-26 10:02:58 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-26 10:02:58 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-26 10:02:57 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-26 10:02:57 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 10:02:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 10:02:57 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-22 21:42:35 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-22 21:42:34 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-21 17:14:06 150672 ----a-w- c:\windows\apppatch\apppatch64\EMET64.dll
2013-11-21 17:14:00 549520 ----a-w- c:\windows\apppatch\EMET.dll
.
============= FINISH:  9:32:45.61 ===============

 


 


#2 HelpBot


Posted 17 February 2014 - 12:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/524075 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 icub4ucme


Posted 17 February 2014 - 02:02 PM

There haven't been many changes since I posted this except to say that the error that originally stated C:\Windows\system32\SndVolSSO.DLL is not designed to run on windows or it contains an error, try reinstalling the program. That was the first error I received and after that when I logged into Windows 7 Pro 32 bit there was a black screen.

He used a recovery or repair disk to get to the recovery environment and followed the instructions.

 

I do not have the original Windows disk, just the repair disk. He tried the start up repair and got a message that it did not find anything in the start up files. He ran this 3 times I think.

 

We ran sfc /scannow and it said there were files that were fixed and some that were corrupted, but it could not fix all of them and said there was a log in CBS, which we saved. We ran it as this: sfc /scannow /offbootdir=C:\ /offwindir=C:\windows and that made it scan correctly, he thought, for some files, but he still got the same message after the scan that some files could not be fixed, and saved the CBS log file. He ran this 3 times also I believe.

 

He tried to run a command to fix the registry entry but there was no listing for that registry item. The command was REG LOAD HKLM\Tempsoft :\Windows\System32\config\software  enter and got nothing.  He checked the registry and there was no entry that he could modify the userinit value.

 

Then he tried system restore. He must have tried system restore a dozen times and kept getting errors for each attempted restore date he selected. The error said that it could not read the memory located at 0x011b00eb. As he worked with restore points that were closer to the time that the system failed he finally got a restore point to work. It was the date just before a Windows update had been installed, so he thought that maybe the update had messed with the system, so he tried to find the update that might have caused the issue and was unsuccessful, as he could not remember the commands in the command prompt window to locate the files from the update. He continued trying to run scans with various programs he downloaded from his laptop, including sfc /scannow. He ran that a few times more after he did scans and they did whatever they were supposed to do, and finally something was changed that gave my buddy encouragement, and when he rebooted we got into Windows but got errors immediately, but we could see the desktop with limited functionality. The first error he got was device driver not installed; this was from a flash drive. He said he can see the device in Windows Explorer and all the folders in it and it appears to work OK. I have other errors that state unable to load local data files. He did a screen shot of those 2 errors if you need to see them. Then we got a 3rd error, one that states this file d3dio_1core.dll was not designed to run on Windows or there was an error and to reinstall the file. He rebooted and the original error "C:\Windows\system32\SndVolSSO.DLL is not designed to run on windows or it contains an error, try reinstalling the program" did not show this time; it appeared to have been replaced by the error listed above: file d3dio_1core.dll was not designed to run on Windows or there was an error and to reinstall the file.

So now we are in Windows with this limited functionality and we started finding that there were many things we could not do. I tried to open my browser, which is Chrome. It would not load properly and got the error "unable to find local data files please reinstall". I can run Internet Explorer without too much trouble but it crashes whenever I try to do too much, like save a bookmark or open too many tabs.

In my Programs and Features most of the programs in the add/remove programs are grayed out. When I try to run one of them I get the same unable to find local data file.

The manager seems to be acting different; for instance, it is set to stay on top of all other windows and it does not. I have no documents. I click to open it and nothing opens.

It has knocked out my printer. He tried to run a command to fix the registry entry but there was no listing for that registry item. The command was REG LOAD HKLM\Tempsoft :\Windows\System32\config\software enter and got nothing. I checked the registry and there was no entry that I could modify the userinit value. He tried to run Tweaking.com registry back up and it gave me an error that the computer name info was different from the back up and it would be dangerous to run it, so he did not. He checked the system from the control panel to see if the name had been changed, but it had not, but it doesn’t show the processors or the RAM or the system rating, which he attributed to the local data files missing issue.

I cannot search from the start bar or in Windows Explorer. Errors stating cannot access the Windows Management Instrumentation software. Windows management files may be moved or missing. The machine doesn’t seem to be running any slower. Windows firewall is running. I've run various anti virus programs since I posted this and I've been getting some results from Spybot regarding some rootkits. I have the log files and it has quarantined them and they keep replicating themselves. Every time I run it, it pulls the same files and possibly adds another. They are found in the oddest places. It also quarantined some files from the registry that looked like machine language or gibberish. I was unable to delete them through Spybot so I checked the registry and they were there alright and I never touched them. My buddy ran the event viewer and there are many, many errors. I am overwhelmed with all of these errors and at a loss what to do so I am leaving this in your capable hands. As I stated before we probably did more damage than good.

 

I did as instructed and downloaded a new DDS and ran it and pasted the results below and attached the attach text file to this post.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16518
Run by Administrator II at 10:31:00 on 2014-02-17
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\CISVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\System32\snmp.exe
C:\Program Files\Belkin\F9L1109\v1\WifiSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\EMET 4.1\EMET_Agent.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toolwiz Time Freeze 2014\ToolwizTimeFreeze.exe
C:\Program Files\Belkin\F9L1109\v1\EzWPSUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
uRun: [ToolwizTimeFreeze] "c:\program files\toolwiz time freeze 2014\ToolwizTimeFreeze.exe" -autorun
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [EMET 4.1 Agent] "c:\program files\emet 4.1\EMET_agent.exe"
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ac950.lnk - c:\program files\belkin\f9l1109\v1\EzWPSUI.exe
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: DisableStartupSound = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{561F6DE5-0C1F-4FCD-85B0-7EBBB7426627} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{698B052E-D34C-492E-B928-C2D05105F967} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{698B052E-D34C-492E-B928-C2D05105F967} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-02-17 07:36:11 -------- d-----w- c:\program files\Paint.NET
2014-02-17 07:34:04 -------- d-----w- c:\users\administrator ii\appdata\local\Paint.NET
2014-02-16 21:10:14 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{587c78fa-60a2-42cc-8136-e97799351b97}\offreg.dll
2014-02-16 09:53:36 -------- d-----w- c:\users\administrator ii\Doctor Web
2014-02-14 11:35:27 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{587c78fa-60a2-42cc-8136-e97799351b97}\mpengine.dll
2014-02-13 14:50:21 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 14:36:39 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-02-13 07:10:43 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 07:10:43 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 07:10:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-13 07:10:41 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-13 04:19:19 -------- d-----w- c:\users\administrator ii\appdata\roaming\HpUpdate
2014-02-12 06:38:05 -------- d-----w- C:\FRST
2014-02-11 00:33:21 -------- d-----w- C:\command line toolkit
2014-02-10 22:37:14 -------- d-----w- c:\program files\NT Registry Optimizer
2014-02-08 13:00:45 -------- d---a-w- C:\cce_linux
2014-01-27 12:26:25 33040 ----a-w- c:\windows\system32\drivers\TWZFILE.sys
2014-01-27 12:26:24 66704 ----a-w- c:\windows\system32\drivers\TWZDISK.sys
2014-01-27 12:26:23 -------- d-----w- C:\TOOLWIZTIMEFREEZE
2014-01-27 12:26:23 -------- d-----w- c:\program files\Toolwiz Time Freeze 2014
2014-01-24 05:20:57 -------- d-----w- c:\program files\Defraggler
2014-01-23 07:41:01 -------- d-----w- c:\program files\SecurityXploded
2014-01-22 12:20:52 -------- d-----w- c:\program files\Tweaking.com
2014-01-21 08:18:44 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-21 08:12:39 -------- d-----w- c:\program files\EMET 4.1
2014-01-19 22:37:15 -------- d-----w- c:\users\administrator ii\appdata\local\HP
.
==================== Find3M  ====================
.
2014-02-14 07:16:59 13824 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-02-14 07:15:59 89168 ----a-w- c:\windows\system32\drivers\lsi_sas.sys.bak
2014-02-14 07:14:59 53312 ----a-w- c:\windows\system32\drivers\AMDAGP.SYS.bak
2014-02-14 07:14:59 14912 ----a-w- c:\windows\system32\drivers\amdide.sys.bak
2014-02-14 07:14:58 53312 ----a-w- c:\windows\system32\drivers\AGP440.sys.bak
2014-02-14 07:14:58 14400 ----a-w- c:\windows\system32\drivers\aliide.sys.bak
2014-02-14 07:14:57 49152 ----a-w- c:\windows\system32\drivers\agilevpn.sys.bak
2014-02-14 07:14:56 338944 ----a-w- c:\windows\system32\drivers\afd.sys.bak
2014-02-14 07:14:56 146512 ----a-w- c:\windows\system32\drivers\adpu320.sys.bak
2014-02-14 07:14:55 422976 ----a-w- c:\windows\system32\drivers\adp94xx.sys.bak
2014-02-14 07:14:55 297552 ----a-w- c:\windows\system32\drivers\adpahci.sys.bak
2014-02-14 07:14:54 10240 ----a-w- c:\windows\system32\drivers\acpipmi.sys.bak
2014-02-14 07:14:53 274304 ----a-w- c:\windows\system32\drivers\acpi.sys.bak
2014-02-14 07:14:53 164864 ----a-w- c:\windows\system32\drivers\1394ohci.sys.bak
2014-02-14 07:14:52 54784 ----a-w- c:\windows\system32\drivers\1394bus.sys.bak
2014-02-10 06:25:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-10 06:25:11 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-01-25 04:59:33 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-25 04:59:33 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-25 04:59:33 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-25 04:59:32 43152 ----a-w- c:\windows\avastSS.scr
2014-01-16 16:59:46 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-18 15:45:53 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-12 14:57:26 403440 ----a-w- c:\windows\system32\drivers\mksosdpz.sys
2013-11-30 08:19:12 44424 ----a-w- c:\windows\system32\sbbd.exe
2013-11-30 08:19:12 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-11-27 01:14:25 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:13:46 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:13:44 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:13:41 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:13:38 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:13:36 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:13:33 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 10:10:21 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-11-26 10:03:02 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-26 10:03:02 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-26 10:03:01 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-26 10:03:01 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-26 10:03:01 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-26 10:03:00 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-26 10:03:00 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-26 10:03:00 337408 ----a-w- c:\windows\system32\html.iec
2013-11-26 10:02:59 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-26 10:02:59 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-26 10:02:59 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-26 10:02:59 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-26 10:02:58 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-26 10:02:58 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-26 10:02:58 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-26 10:02:57 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-26 10:02:57 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-26 10:02:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-26 10:02:57 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-22 21:42:35 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-22 21:42:34 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-21 17:14:06 150672 ----a-w- c:\windows\apppatch\apppatch64\EMET64.dll
2013-11-21 17:14:00 549520 ----a-w- c:\windows\apppatch\EMET.dll
.
============= FINISH: 10:32:15.12 ===============

 

I will await your instructions and thanks for the assistance. I was getting ready to use this PC for a boat anchor, but I'm feeling better just posting these things for you guys and gals. I hope you are successful.
 

 

 

 

 


#4 Oh My!

  • Malware Response Instructor

Posted 18 February 2014 - 06:01 PM

Greetings icub4ucme and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Looks like we have quite a mess on our hands. I would like to gather some additional information before we put on the boxing gloves. :)

Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 icub4ucme

  • Topic Starter


Posted 18 February 2014 - 07:05 PM

Gary, thank you for helping me out with this. My name is Michael and I will do my best to be prompt on my replies as to not take too much of your time. I won't run any scans. I can access the internet, and by doing so will that disturb what we are doing accessing

Here are the two logs you requested

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Administrator II (administrator) on MLSADMIN-PC on 18-02-2014 16:29:52
Running from C:\Users\Administrator II\Desktop
Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
() C:\Program Files\Belkin\F9L1109\v1\WifiSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\EMET 4.1\EMET_Agent.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Toolwiz) C:\Program Files\Toolwiz Time Freeze 2014\ToolwizTimeFreeze.exe
(TODO: <Company name>) C:\Program Files\Belkin\F9L1109\v1\EzWPSUI.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-01-24] (AVAST Software)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [EMET 4.1 Agent] - C:\Program Files\EMET 4.1\EMET_agent.exe [78992 2013-11-21] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-08-25] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] ()
HKU\S-1-5-20\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\Sidebar.exe [1174016 2010-11-20] ()
HKU\S-1-5-21-1585898388-1519241596-1347238534-1005\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-1585898388-1519241596-1347238534-1005\...\Run: [ToolwizTimeFreeze] - C:\Program Files\Toolwiz Time Freeze 2014\ToolwizTimeFreeze.exe [1662224 2014-01-27] (Toolwiz)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4F4A969EAE26CF01
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{698B052E-D34C-492E-B928-C2D05105F967}: [NameServer]8.8.8.8,8.8.4.4

Chrome:
=======
CHR HomePage: https://www.google.com/
CHR RestoreOnStartup: "https://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Administrator II\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-11]
CHR Extension: (Google Drive) - C:\Users\Administrator II\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-11]
CHR Extension: (YouTube) - C:\Users\Administrator II\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-11]
CHR Extension: (Google Search) - C:\Users\Administrator II\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-11]
CHR Extension: (avast! Online Security) - C:\Users\Administrator II\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-11]
CHR Extension: (Google Wallet) - C:\Users\Administrator II\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-11]
CHR Extension: (Gmail) - C:\Users\Administrator II\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-11]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-10-15]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-24] (AVAST Software)
S3 dot3svc; C:\Windows\System32\dot3svc.dll [214016 2010-11-20] ()
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [556544 2010-11-20] ()
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-02-13] (SurfRight B.V.)
S2 LanmanServer; C:\Windows\system32\srvsvc.dll [168960 2010-11-20] ()
S3 napagent; C:\Windows\system32\qagentRT.dll [330240 2010-11-20] ()
S4 RunSwUSB; C:\Windows\runSW.exe [36864 2012-09-20] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 WSAC950; C:\Program Files\Belkin\F9L1109\v1\WifiSvc.exe [299008 2012-12-25] ()
S3 SG; C:\Users\ADMINI~1\AppData\Local\Temp\SG.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-11-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-11-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-24] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-01-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-18] ()
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [19688 2012-09-21] (Logitech Inc.)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-11-30] (GFI Software)
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] ()
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1807072 2012-12-27] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [49664 2012-08-23] ()
R0 TWZDISK; C:\Windows\System32\Drivers\TWZDISK.sys [66704 2014-01-27] (Toolwiz.com)
R1 TWZFILE; C:\Windows\system32\Drivers\TWZFILE.sys [33040 2014-01-27] (Toolwiz.com)
S3 MEMSWEEP2; \??\C:\Windows\system32\ED1C.tmp [X]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [X]
U3 TrueSight; \??\ [X]
U3 mbr; \??\C:\Users\ADMINI~1\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-18 16:29 - 2014-02-18 16:30 - 00010393 _____ () C:\Users\Administrator II\Desktop\FRST.txt
2014-02-18 16:27 - 2014-02-18 16:27 - 01141248 _____ (Farbar) C:\Users\Administrator II\Desktop\FRST.exe
2014-02-17 11:31 - 2014-02-17 11:31 - 00005555 _____ () C:\Users\Administrator II\Desktop\Attach.zip
2014-02-17 10:32 - 2014-02-17 10:32 - 00012813 _____ () C:\Users\Administrator II\Desktop\dds.txt
2014-02-17 10:32 - 2014-02-17 10:32 - 00005555 _____ () C:\Users\Administrator II\Desktop\attach.txt
2014-02-17 00:36 - 2014-02-17 00:36 - 00001176 _____ () C:\Users\Public\Desktop\Paint.NET.lnk
2014-02-17 00:36 - 2014-02-17 00:36 - 00000000 ____D () C:\Program Files\Paint.NET
2014-02-17 00:34 - 2014-02-17 00:37 - 00000000 ____D () C:\Users\Administrator II\AppData\Local\Paint.NET
2014-02-17 00:31 - 2014-02-17 00:31 - 00000000 ____D () C:\Users\Administrator II\Downloads\Paint.NET.3.5.11.Install
2014-02-17 00:27 - 2014-02-17 00:28 - 03739157 _____ () C:\Users\Administrator II\Downloads\Paint.NET.3.5.11.Install.zip
2014-02-16 02:53 - 2014-02-16 02:53 - 00000000 ____D () C:\Users\Administrator II\Doctor Web
2014-02-16 01:48 - 2014-02-16 01:48 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2af3ec14d437.job
2014-02-14 00:17 - 2014-02-14 00:17 - 00066704 _____ (Toolwiz.com) C:\Windows\system32\Drivers\TWZDISK.sys.bak
2014-02-14 00:17 - 2014-02-14 00:17 - 00033040 _____ (Toolwiz.com) C:\Windows\system32\Drivers\TWZFILE.sys.bak
2014-02-14 00:16 - 2014-02-14 00:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial(6464).sys.bak
2014-02-14 00:16 - 2014-02-14 00:16 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus(6462).sys.bak
2014-02-14 00:16 - 2014-02-14 00:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum(6463).sys.bak
2014-02-14 00:15 - 2014-02-14 00:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir(6461).sys.bak
2014-02-14 00:15 - 2014-02-14 00:15 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys.bak
2014-02-14 00:04 - 2014-02-14 00:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MLSADMIN-PC--(32-bit).dat
2014-02-13 23:25 - 2014-02-13 23:25 - 00265649 _____ () C:\Users\Administrator II\Desktop\TeamSpybot-20140213-232517.cab
2014-02-13 07:55 - 2014-02-06 03:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 07:55 - 2014-02-06 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 07:55 - 2014-02-06 03:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 07:55 - 2014-02-06 03:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 07:55 - 2014-02-06 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 07:55 - 2014-02-06 02:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 07:55 - 2014-02-06 02:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 07:55 - 2014-02-06 02:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 07:55 - 2014-02-06 02:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 07:55 - 2014-02-06 02:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 07:55 - 2014-02-06 02:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 07:55 - 2014-02-06 02:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 07:55 - 2014-02-06 02:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 07:55 - 2014-02-06 02:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 07:55 - 2014-02-06 02:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 07:55 - 2014-02-06 02:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 07:55 - 2014-02-06 02:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 07:55 - 2014-02-06 02:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 07:55 - 2014-02-06 01:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 07:55 - 2014-02-06 01:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 07:55 - 2014-02-06 01:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 07:50 - 2013-12-21 01:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 07:36 - 2014-02-13 07:36 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-02-13 00:33 - 2014-02-17 11:07 - 00000000 ____D () C:\Users\Administrator II\Desktop\tools for virus
2014-02-13 00:10 - 2013-12-24 16:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 00:10 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 00:10 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 00:10 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 21:19 - 2014-02-12 21:19 - 00000000 ____D () C:\Users\Administrator II\AppData\Roaming\HpUpdate
2014-02-11 23:38 - 2014-02-18 16:29 - 00000000 ____D () C:\FRST
2014-02-11 18:28 - 2014-02-11 17:56 - 00132794 ____R () C:\Windows\system32\Drivers\etc\hosts.20140211-182830.backup
2014-02-11 17:56 - 2014-02-09 07:13 - 00000820 _____ () C:\Windows\system32\Drivers\etc\hosts.20140211-175627.backup
2014-02-10 17:33 - 2014-02-10 18:47 - 00000000 ____D () C:\command line toolkit
2014-02-10 15:37 - 2014-02-10 15:37 - 00000982 _____ () C:\Users\michael standard\Desktop\NTREGOPT.lnk
2014-02-10 15:37 - 2014-02-10 15:37 - 00000982 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk
2014-02-10 15:37 - 2014-02-10 15:37 - 00000982 _____ () C:\Users\Bernice\Desktop\NTREGOPT.lnk
2014-02-10 15:37 - 2014-02-10 15:37 - 00000982 _____ () C:\Users\Administrator II\Desktop\NTREGOPT.lnk
2014-02-10 15:37 - 2014-02-10 15:37 - 00000982 _____ () C:\Users\Admin\Desktop\NTREGOPT.lnk
2014-02-10 15:37 - 2014-02-10 15:37 - 00000000 ____D () C:\Program Files\NT Registry Optimizer
2014-02-08 06:01 - 2014-02-09 06:35 - 58707968 _____ () C:\comodo_rescue_disk_2.0.275239.1.iso
2014-02-08 06:00 - 2014-02-08 08:33 - 00000000 ____D () C:\cce_linux
2014-02-08 00:24 - 2014-02-08 00:24 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-01-29 08:58 - 2014-01-29 08:58 - 00007158 _____ () C:\Users\Administrator II\Documents\Dear Mike.odt
2014-01-29 08:55 - 2014-01-29 08:55 - 00019616 _____ () C:\Users\Administrator II\Downloads\letter to Mike 1-25-14.odt
2014-01-28 17:34 - 2014-01-28 17:34 - 00598016 _____ () C:\Users\Administrator II\Downloads\Flip.jpeg
2014-01-27 05:26 - 2014-02-09 13:47 - 00000000 ____D () C:\TOOLWIZTIMEFREEZE
2014-01-27 05:26 - 2014-02-09 13:47 - 00000000 ____D () C:\Program Files\Toolwiz Time Freeze 2014
2014-01-27 05:26 - 2014-01-27 05:26 - 00066704 _____ (Toolwiz.com) C:\Windows\system32\Drivers\TWZDISK.sys
2014-01-27 05:26 - 2014-01-27 05:26 - 00033040 _____ (Toolwiz.com) C:\Windows\system32\Drivers\TWZFILE.sys
2014-01-27 03:37 - 2014-01-27 03:38 - 02986768 _____ (Toolwiz) C:\Users\Administrator II\Downloads\Setup_Timefreeze.exe
2014-01-23 22:20 - 2014-02-09 13:47 - 00000000 ____D () C:\Program Files\Defraggler
2014-01-23 00:41 - 2014-02-09 13:27 - 00000000 ____D () C:\Program Files\SecurityXploded
2014-01-23 00:41 - 2014-01-23 01:14 - 00001185 _____ () C:\Users\michael standard\Desktop\StreamArmor.lnk
2014-01-23 00:41 - 2014-01-23 01:14 - 00001185 _____ () C:\Users\Bernice\Desktop\StreamArmor.lnk
2014-01-23 00:41 - 2014-01-23 01:14 - 00001185 _____ () C:\Users\Administrator II\Desktop\StreamArmor.lnk
2014-01-23 00:41 - 2014-01-23 01:14 - 00001185 _____ () C:\Users\Admin\Desktop\StreamArmor.lnk
2014-01-22 13:08 - 2014-02-09 13:30 - 00000000 ____D () C:\Users\Administrator II\Downloads\StreamArmor
2014-01-22 11:26 - 2014-01-22 11:26 - 04468796 _____ () C:\Users\Administrator II\Downloads\StreamArmor.zip
2014-01-22 05:20 - 2014-02-09 13:28 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-01-21 05:31 - 2014-01-21 05:31 - 01708032 _____ () C:\Users\Administrator II\Downloads\MBSASetup-x86-DE.msi
2014-01-21 01:18 - 2013-11-26 04:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-21 01:12 - 2014-02-09 13:47 - 00000000 ____D () C:\Program Files\EMET 4.1
2014-01-21 00:48 - 2014-01-21 00:48 - 08584192 _____ () C:\Users\Administrator II\Downloads\EMET Setup.msi
2014-01-20 16:11 - 2014-02-16 12:33 - 00054128 _____ () C:\Windows\PFRO.log
2014-01-20 15:47 - 2014-01-20 15:47 - 03927696 _____ () C:\Users\Administrator II\Downloads\tweaking.com_registry_backup_setup.exe
2014-01-20 13:02 - 2014-01-20 13:02 - 00347816 _____ (Microsoft Corporation) C:\Users\Administrator II\Downloads\MicrosoftFixit.malware.Run.exe
2014-01-19 15:37 - 2014-02-11 15:46 - 00000000 ____D () C:\Users\Administrator II\AppData\Local\HP
2014-01-19 09:01 - 2014-02-14 00:17 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00297040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00245632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00175360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00160128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00148864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00141904 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00132424 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdm.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00110280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdserd.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00104648 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdbus.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00077888 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00057424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00055888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00053632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00053328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00053120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00053120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00052304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00049664 _____ () C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00043392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00040704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00040016 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00035968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00032832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00028032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00021632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00021072 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00019024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00017472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00016976 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00014920 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdfl.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00014912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00012616 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcmnt.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00012616 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcm.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00012488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwhnt.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00012488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwh.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00012240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-01-19 09:01 - 2014-02-14 00:17 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 04261224 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LVUVC.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 02744800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 01807072 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 01383488 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\mksosdpz.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00310504 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvrs.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00235584 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00233344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00180288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00173440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00162896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00153984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00140160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00130432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00115792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00106064 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00105024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00096848 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00085376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00078208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00049728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00044624 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00043088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00042560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00041552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00030800 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00027712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00022656 _____ (Research In Motion Limited) C:\Windows\system32\Drivers\RimUsb.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00019688 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvbusflt.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00013888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00012368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parvdm.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00008320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00005504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-01-19 09:01 - 2014-02-14 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 04805120 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 03100160 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbdx.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 01622640 _____ (Hauppauge Computer Works) C:\Windows\system32\Drivers\HCW85BDA.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00513536 _____ () C:\Windows\system32\Drivers\http.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00453712 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00430080 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbdx.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00388096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00332352 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00272128 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00229888 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60x.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00198208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00159232 _____ (Intel Corporation) C:\Windows\system32\Drivers\e100b325.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00140864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00095824 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00089168 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00070720 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\djsvs.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00067152 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00062336 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00058448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00057936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00057424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00055584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00054864 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00046656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00046160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00042576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00041040 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00035408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00026704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00026624 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00025168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00019024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00015952 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00014208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00014080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00013568 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00013560 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BdaSup.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00012160 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00011904 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00005248 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2014-01-19 09:01 - 2014-02-14 00:15 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2014-01-19 09:00 - 2014-02-14 00:15 - 00159312 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-01-19 09:00 - 2014-02-14 00:15 - 00086608 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-01-19 09:00 - 2014-02-14 00:15 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-01-19 09:00 - 2014-02-14 00:15 - 00076368 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-01-19 09:00 - 2014-02-14 00:15 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-01-19 09:00 - 2014-02-14 00:15 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-01-19 09:00 - 2014-02-14 00:15 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-01-19 09:00 - 2014-02-14 00:15 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-01-19 09:00 - 2014-02-14 00:15 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00422976 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00297552 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00274304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00146512 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00053312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00053312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00014912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00014400 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2014-01-19 09:00 - 2014-02-14 00:14 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak

==================== One Month Modified Files and Folders =======

2014-02-18 16:30 - 2014-02-18 16:29 - 00010393 _____ () C:\Users\Administrator II\Desktop\FRST.txt
2014-02-18 16:29 - 2014-02-11 23:38 - 00000000 ____D () C:\FRST
2014-02-18 16:27 - 2014-02-18 16:27 - 01141248 _____ (Farbar) C:\Users\Administrator II\Desktop\FRST.exe
2014-02-18 14:52 - 2013-05-18 22:08 - 01441895 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 11:31 - 2014-02-17 11:31 - 00005555 _____ () C:\Users\Administrator II\Desktop\Attach.zip
2014-02-17 11:07 - 2014-02-13 00:33 - 00000000 ____D () C:\Users\Administrator II\Desktop\tools for virus
2014-02-17 10:32 - 2014-02-17 10:32 - 00012813 _____ () C:\Users\Administrator II\Desktop\dds.txt
2014-02-17 10:32 - 2014-02-17 10:32 - 00005555 _____ () C:\Users\Administrator II\Desktop\attach.txt
2014-02-17 00:37 - 2014-02-17 00:34 - 00000000 ____D () C:\Users\Administrator II\AppData\Local\Paint.NET
2014-02-17 00:36 - 2014-02-17 00:36 - 00001176 _____ () C:\Users\Public\Desktop\Paint.NET.lnk
2014-02-17 00:36 - 2014-02-17 00:36 - 00000000 ____D () C:\Program Files\Paint.NET
2014-02-17 00:36 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-17 00:31 - 2014-02-17 00:31 - 00000000 ____D () C:\Users\Administrator II\Downloads\Paint.NET.3.5.11.Install
2014-02-17 00:28 - 2014-02-17 00:27 - 03739157 _____ () C:\Users\Administrator II\Downloads\Paint.NET.3.5.11.Install.zip
2014-02-16 18:20 - 2013-12-15 14:39 - 00000000 ____D () C:\Users\Administrator II\Desktop\Rouge Killer reports
2014-02-16 12:41 - 2009-07-13 21:34 - 00016880 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 12:41 - 2009-07-13 21:34 - 00016880 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 12:34 - 2014-01-18 17:55 - 00003018 _____ () C:\Windows\setupact.log
2014-02-16 12:33 - 2014-01-20 16:11 - 00054128 _____ () C:\Windows\PFRO.log
2014-02-16 02:53 - 2014-02-16 02:53 - 00000000 ____D () C:\Users\Administrator II\Doctor Web
2014-02-16 02:53 - 2013-11-20 11:33 - 00000000 ____D () C:\Users\Administrator II
2014-02-16 01:48 - 2014-02-16 01:48 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2af3ec14d437.job
2014-02-15 01:10 - 2013-08-31 12:22 - 00004039 _____ () C:\Windows\wininit.ini
2014-02-14 00:23 - 2013-12-14 23:47 - 00000000 ____D () C:\Users\Administrator II\AppData\Local\CrashDumps
2014-02-14 00:21 - 2013-12-13 06:22 - 00000000 ____D () C:\Users\Administrator II\Desktop\RK_Quarantine
2014-02-14 00:17 - 2014-02-14 00:17 - 00066704 _____ (Toolwiz.com) C:\Windows\system32\Drivers\TWZDISK.sys.bak
2014-02-14 00:17 - 2014-02-14 00:17 - 00033040 _____ (Toolwiz.com) C:\Windows\system32\Drivers\TWZFILE.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00297040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00245632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00175360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmbus.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00160128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00148864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00141904 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00132424 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdm.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00110280 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdserd.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00104648 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdbus.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00077888 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00057424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00055888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00053632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00053328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VIAAGP.SYS.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00053120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00053120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\viac7.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00052304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SISAGP.SYS.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00049664 _____ () C:\Windows\system32\Drivers\TsUsbFlt.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00043392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhv.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00040704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmstorfl.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00040016 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00035968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00032832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00028032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsc.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00025856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00021632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00021072 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00019024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VMBusHID.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00017472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00016976 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00014920 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdmdfl.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00014912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00012616 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcmnt.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00012616 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdcm.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00012488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwhnt.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00012488 _____ (MCCI Corporation) C:\Windows\system32\Drivers\sscdwh.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00012240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak
2014-02-14 00:17 - 2014-01-19 09:01 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vms3cap.sys.bak
2014-02-14 00:16 - 2014-02-14 00:16 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial(6464).sys.bak
2014-02-14 00:16 - 2014-02-14 00:16 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus(6462).sys.bak
2014-02-14 00:16 - 2014-02-14 00:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum(6463).sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 04261224 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LVUVC.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 02744800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHDA.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 01807072 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 01383488 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\mksosdpz.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00310504 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvrs.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00235584 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00233344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00180288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00173440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00162896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00153984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00140160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpdr.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00130432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00115792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00106064 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00105024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00096848 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00085376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00078208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00049728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00044624 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00043088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00042560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00041552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00030800 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00027712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00022656 _____ (Research In Motion Limited) C:\Windows\system32\Drivers\RimUsb.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00019688 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvbusflt.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00013888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00012368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parvdm.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00008320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00005888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00005504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak
2014-02-14 00:16 - 2014-01-19 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak
2014-02-14 00:15 - 2014-02-14 00:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir(6461).sys.bak
2014-02-14 00:15 - 2014-02-14 00:15 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 04805120 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd32.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 03100160 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbdx.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 01622640 _____ (Hauppauge Computer Works) C:\Windows\system32\Drivers\HCW85BDA.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00513536 _____ () C:\Windows\system32\Drivers\http.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00453712 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00430080 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbdx.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00388096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00332352 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00272128 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00229888 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60x.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00198208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00159232 _____ (Intel Corporation) C:\Windows\system32\Drivers\e100b325.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00140864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00095824 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00089168 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00070720 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\djsvs.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00067152 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00062336 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00058448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00057936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00057424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00055584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00054864 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00046656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00046160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00042576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00041040 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00035408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00026704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00026624 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00025168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00019024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00015952 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00014208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00014080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00013568 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00013560 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BdaSup.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00012160 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00011904 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00005248 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak
2014-02-14 00:15 - 2014-01-19 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak
2014-02-14 00:15 - 2014-01-19 09:00 - 00159312 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak
2014-02-14 00:15 - 2014-01-19 09:00 - 00086608 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak
2014-02-14 00:15 - 2014-01-19 09:00 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak
2014-02-14 00:15 - 2014-01-19 09:00 - 00076368 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak
2014-02-14 00:15 - 2014-01-19 09:00 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak
2014-02-14 00:15 - 2014-01-19 09:00 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak
2014-02-14 00:15 - 2014-01-19 09:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak
2014-02-14 00:15 - 2014-01-19 09:00 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak
2014-02-14 00:15 - 2014-01-19 09:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00422976 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00297552 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00274304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00146512 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00053312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AMDAGP.SYS.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00053312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00014912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00014400 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak
2014-02-14 00:14 - 2014-01-19 09:00 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak
2014-02-14 00:04 - 2014-02-14 00:04 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MLSADMIN-PC--(32-bit).dat
2014-02-13 23:25 - 2014-02-13 23:25 - 00265649 _____ () C:\Users\Administrator II\Desktop\TeamSpybot-20140213-232517.cab
2014-02-13 07:55 - 2013-08-24 15:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 07:52 - 2013-08-24 15:10 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 07:36 - 2014-02-13 07:36 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-02-13 07:30 - 2013-11-22 02:29 - 00000000 ____D () C:\Program Files\HitmanPro
2014-02-12 21:19 - 2014-02-12 21:19 - 00000000 ____D () C:\Users\Administrator II\AppData\Roaming\HpUpdate
2014-02-12 00:33 - 2013-08-27 04:22 - 00000000 ____D () C:\Windows\pss
2014-02-11 17:56 - 2014-02-11 18:28 - 00132794 ____R () C:\Windows\system32\Drivers\etc\hosts.20140211-182830.backup
2014-02-11 15:49 - 2014-01-10 16:41 - 00001226 _____ () C:\Users\Administrator II\Desktop\Revo Uninstaller.lnk
2014-02-11 15:49 - 2013-11-25 17:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-02-11 15:46 - 2014-01-19 15:37 - 00000000 ____D () C:\Users\Administrator II\AppData\Local\HP
2014-02-10 20:02 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-10 18:47 - 2014-02-10 17:33 - 00000000 ____D () C:\command line toolkit
2014-02-10 15:37 - 2014-02-10 15:37 - 00000982 _____ () C:\Users\michael standard\Desktop\NTREGOPT.lnk
2014-02-10 15:37 - 2014-02-10 15:37 - 00000982 _____ () C:\Users\Guest\Desktop\NTREGOPT.lnk
2014-02-10 15:37 - 2014-02-10 15:37 - 00000982 _____ () C:\Users\Bernice\Desktop\NTREGOPT.lnk
2014-02-10 15:37 - 2014-02-10 15:37 - 00000982 _____ () C:\Users\Administrator II\Desktop\NTREGOPT.lnk
2014-02-10 15:37 - 2014-02-10 15:37 - 00000982 _____ () C:\Users\Admin\Desktop\NTREGOPT.lnk
2014-02-10 15:37 - 2014-02-10 15:37 - 00000000 ____D () C:\Program Files\NT Registry Optimizer
2014-02-10 15:25 - 2013-11-26 03:57 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-09 23:25 - 2013-09-24 08:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-09 23:25 - 2013-09-24 08:37 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-09 22:02 - 2013-12-17 20:58 - 00000000 ____D () C:\ProgramData\Sophos
2014-02-09 13:49 - 2014-01-02 17:03 - 00000000 ____D () C:\Users\michael standard
2014-02-09 13:49 - 2013-12-24 15:47 - 00000000 ____D () C:\Users\DefaultAppPool
2014-02-09 13:49 - 2013-09-08 02:01 - 00000000 ____D () C:\Users\Guest
2014-02-09 13:49 - 2013-08-24 17:27 - 00000000 ____D () C:\Users\Bernice
2014-02-09 13:49 - 2013-05-18 22:11 - 00000000 ____D () C:\Users\Admin
2014-02-09 13:49 - 2009-07-13 19:37 - 00000000 __RSD () C:\Windows\Media
2014-02-09 13:49 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-02-09 13:49 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-09 13:49 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-09 13:49 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-09 13:49 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-09 13:49 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\TAPI
2014-02-09 13:49 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-02-09 13:49 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\ias
2014-02-09 13:48 - 2013-11-22 12:16 - 00000000 ____D () C:\Windows\ERUNT
2014-02-09 13:48 - 2013-08-26 00:47 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-02-09 13:48 - 2013-08-25 03:27 - 00000000 ____D () C:\Windows\system32\SPReview
2014-02-09 13:48 - 2013-08-25 03:27 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-02-09 13:48 - 2013-08-24 17:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-09 13:48 - 2009-07-14 00:50 - 00000000 ____D () C:\Windows\ShellNew
2014-02-09 13:48 - 2009-07-13 21:52 - 00000000 ____D () C:\Windows\twain_32
2014-02-09 13:48 - 2009-07-13 21:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-02-09 13:48 - 2009-07-13 21:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-02-09 13:48 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public\Libraries
2014-02-09 13:48 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-09 13:48 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-02-09 13:48 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-02-09 13:48 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\security
2014-02-09 13:47 - 2014-01-27 05:26 - 00000000 ____D () C:\TOOLWIZTIMEFREEZE
2014-02-09 13:47 - 2014-01-27 05:26 - 00000000 ____D () C:\Program Files\Toolwiz Time Freeze 2014
2014-02-09 13:47 - 2014-01-23 22:20 - 00000000 ____D () C:\Program Files\Defraggler
2014-02-09 13:47 - 2014-01-21 01:12 - 00000000 ____D () C:\Program Files\EMET 4.1
2014-02-09 13:47 - 2014-01-14 21:35 - 00000000 ____D () C:\Program Files\PrivaZer
2014-02-09 13:47 - 2014-01-10 17:03 - 00000000 ____D () C:\Users\Administrator II\AppData\Roaming\VSRevoGroup
2014-02-09 13:47 - 2014-01-02 17:03 - 00000000 ___RD () C:\Users\michael standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-09 13:47 - 2014-01-02 17:03 - 00000000 ___RD () C:\Users\michael standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-09 13:47 - 2013-12-29 18:09 - 00000000 ____D () C:\Users\Administrator II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2014-02-09 13:47 - 2013-12-29 18:09 - 00000000 ____D () C:\Users\Administrator II\AppData\Local\PrivaZer
2014-02-09 13:47 - 2013-12-29 18:09 - 00000000 ____D () C:\ProgramData\privazer
2014-02-09 13:47 - 2013-12-24 15:47 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-09 13:47 - 2013-12-24 15:47 - 00000000 ___RD () C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-09 13:47 - 2013-12-17 20:10 - 00000000 ____D () C:\Users\Administrator II\AppData\Roaming\SUPERAntiSpyware.com
2014-02-09 13:47 - 2013-12-06 17:04 - 00000000 ____D () C:\Users\Admin\Desktop\TCPView 1
2014-02-09 13:47 - 2013-11-30 00:16 - 00000000 ____D () C:\Users\Admin\Desktop\RK_Quarantine
2014-02-09 13:47 - 2013-11-24 23:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2014-02-09 13:47 - 2013-11-24 23:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-09 13:47 - 2013-11-22 02:28 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-09 13:47 - 2013-11-20 23:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-02-09 13:47 - 2013-11-20 11:33 - 00000000 ____D () C:\Users\Administrator II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-09 13:47 - 2013-11-20 11:33 - 00000000 ____D () C:\Users\Administrator II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-09 13:47 - 2013-11-20 11:33 - 00000000 ____D () C:\Users\Administrator II\AppData\Local\Microsoft Help
2014-02-09 13:47 - 2013-10-14 03:20 - 00000000 ____D () C:\Users\Admin\Michael all info (no pics)
2014-02-09 13:47 - 2013-10-01 10:25 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-09 13:47 - 2013-09-16 18:37 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-02-09 13:47 - 2013-09-16 18:37 - 00000000 ____D () C:\Program Files\HP Photo Creations
2014-02-09 13:47 - 2013-09-08 02:01 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-09 13:47 - 2013-09-08 02:01 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-09 13:47 - 2013-08-31 16:29 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-02-09 13:47 - 2013-08-29 10:35 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-09 13:47 - 2013-08-26 12:11 - 00000000 ____D () C:\Users\Bernice\AppData\Local\Logitech® Webcam Software
2014-02-09 13:47 - 2013-08-26 06:07 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-02-09 13:47 - 2013-08-26 00:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-09 13:47 - 2013-08-24 22:07 - 00000000 ____D () C:\Users\Bernice\AppData\Local\Mozilla
2014-02-09 13:47 - 2013-08-24 21:57 - 00000000 ____D () C:\Users\Bernice\AppData\Local\Apps\2.0
2014-02-09 13:47 - 2013-08-24 17:27 - 00000000 ___RD () C:\Users\Bernice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-09 13:47 - 2013-08-24 17:27 - 00000000 ___RD () C:\Users\Bernice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-09 13:47 - 2013-05-18 22:21 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-02-09 13:47 - 2013-05-18 22:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2014-02-09 13:47 - 2013-05-18 22:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-09 13:47 - 2013-05-18 22:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-09 13:47 - 2013-05-18 22:11 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-09 13:47 - 2009-07-13 21:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-02-09 13:47 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\AppCompat
2014-02-09 13:46 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2014-02-09 13:32 - 2014-01-16 16:42 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-02-09 13:30 - 2014-01-22 13:08 - 00000000 ____D () C:\Users\Administrator II\Downloads\StreamArmor
2014-02-09 13:30 - 2013-12-17 20:58 - 00000000 ____D () C:\Users\Administrator II\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-02-09 13:30 - 2013-12-17 20:52 - 00000000 ____D () C:\Users\Administrator II\AppData\Roaming\Foxit Software
2014-02-09 13:29 - 2013-09-16 18:37 - 00000000 ____D () C:\ProgramData\Visan
2014-02-09 13:29 - 2013-09-16 18:33 - 00000000 ____D () C:\Users\Admin\AppData\Local\HP
2014-02-09 13:28 - 2014-01-22 05:20 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-02-09 13:28 - 2013-08-27 23:34 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-02-09 13:27 - 2014-01-23 00:41 - 00000000 ____D () C:\Program Files\SecurityXploded
2014-02-09 13:27 - 2013-08-26 00:47 - 00000000 ____D () C:\Program Files\Realtek
2014-02-09 13:27 - 2013-05-18 22:21 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-02-09 13:27 - 2013-05-18 22:21 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio
2014-02-09 13:27 - 2013-05-18 22:20 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-02-09 13:27 - 2013-05-18 22:19 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-09 13:26 - 2013-09-16 18:34 - 00000000 ____D () C:\Program Files\HP
2014-02-09 13:26 - 2013-08-26 07:03 - 00000000 ____D () C:\Program Files\Logitech
2014-02-09 13:25 - 2013-08-26 07:32 - 00000000 ____D () C:\Program Files\Foxit Software
2014-02-09 13:25 - 2009-07-13 19:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-02-09 13:25 - 2009-07-13 19:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-09 07:13 - 2014-02-11 17:56 - 00000820 _____ () C:\Windows\system32\Drivers\etc\hosts.20140211-175627.backup
2014-02-09 06:35 - 2014-02-08 06:01 - 58707968 _____ () C:\comodo_rescue_disk_2.0.275239.1.iso
2014-02-08 21:28 - 2013-10-14 03:20 - 00000000 ____D () C:\Users\Administrator II\Michael all info (no pics)
2014-02-08 08:44 - 2014-01-12 14:23 - 00000000 ____D () C:\Windows\Minidump
2014-02-08 08:33 - 2014-02-08 06:00 - 00000000 ____D () C:\cce_linux
2014-02-08 00:24 - 2014-02-08 00:24 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-02-08 00:24 - 2009-07-13 21:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-02-07 22:21 - 2013-09-08 16:58 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Foxit Software
2014-02-06 03:38 - 2014-02-13 07:55 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 03:20 - 2014-02-13 07:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 03:19 - 2014-02-13 07:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 03:01 - 2014-02-13 07:55 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 03:00 - 2014-02-13 07:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 02:57 - 2014-02-13 07:55 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 02:52 - 2014-02-13 07:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 02:52 - 2014-02-13 07:55 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 02:49 - 2014-02-13 07:55 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 02:47 - 2014-02-13 07:55 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 02:47 - 2014-02-13 07:55 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 02:46 - 2014-02-13 07:55 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 02:34 - 2014-02-13 07:55 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 02:25 - 2014-02-13 07:55 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 02:25 - 2014-02-13 07:55 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 02:13 - 2014-02-13 07:55 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 02:09 - 2014-02-13 07:55 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 02:03 - 2014-02-13 07:55 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 01:41 - 2014-02-13 07:55 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 01:36 - 2014-02-13 07:55 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 01:34 - 2014-02-13 07:55 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-01-30 11:48 - 2013-12-21 08:29 - 00007628 _____ () C:\Users\Administrator II\AppData\Local\Resmon.ResmonCfg
2014-01-29 08:58 - 2014-01-29 08:58 - 00007158 _____ () C:\Users\Administrator II\Documents\Dear Mike.odt
2014-01-29 08:55 - 2014-01-29 08:55 - 00019616 _____ () C:\Users\Administrator II\Downloads\letter to Mike 1-25-14.odt
2014-01-28 17:34 - 2014-01-28 17:34 - 00598016 _____ () C:\Users\Administrator II\Downloads\Flip.jpeg
2014-01-28 01:25 - 2013-10-14 14:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-27 21:04 - 2013-10-09 20:47 - 00109280 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-27 14:51 - 2009-07-13 21:53 - 00000006 _____ () C:\Windows\Tasks\SA.DAT
2014-01-27 05:26 - 2014-01-27 05:26 - 00066704 _____ (Toolwiz.com) C:\Windows\system32\Drivers\TWZDISK.sys
2014-01-27 05:26 - 2014-01-27 05:26 - 00033040 _____ (Toolwiz.com) C:\Windows\system32\Drivers\TWZFILE.sys
2014-01-27 03:38 - 2014-01-27 03:37 - 02986768 _____ (Toolwiz) C:\Users\Administrator II\Downloads\Setup_Timefreeze.exe
2014-01-24 21:59 - 2013-12-18 08:45 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-24 21:59 - 2013-11-22 14:43 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-24 21:59 - 2013-11-22 14:42 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-24 21:59 - 2013-11-22 14:42 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-24 21:59 - 2013-11-22 14:42 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-24 21:59 - 2013-11-22 14:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-24 21:59 - 2013-10-14 13:44 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-23 01:14 - 2014-01-23 00:41 - 00001185 _____ () C:\Users\michael standard\Desktop\StreamArmor.lnk
2014-01-23 01:14 - 2014-01-23 00:41 - 00001185 _____ () C:\Users\Bernice\Desktop\StreamArmor.lnk
2014-01-23 01:14 - 2014-01-23 00:41 - 00001185 _____ () C:\Users\Administrator II\Desktop\StreamArmor.lnk
2014-01-23 01:14 - 2014-01-23 00:41 - 00001185 _____ () C:\Users\Admin\Desktop\StreamArmor.lnk
2014-01-22 11:26 - 2014-01-22 11:26 - 04468796 _____ () C:\Users\Administrator II\Downloads\StreamArmor.zip
2014-01-22 08:00 - 2014-01-03 17:29 - 00000962 __RSH () C:\ProgramData\ntuser.pol
2014-01-21 05:31 - 2014-01-21 05:31 - 01708032 _____ () C:\Users\Administrator II\Downloads\MBSASetup-x86-DE.msi
2014-01-21 00:48 - 2014-01-21 00:48 - 08584192 _____ () C:\Users\Administrator II\Downloads\EMET Setup.msi
2014-01-20 15:47 - 2014-01-20 15:47 - 03927696 _____ () C:\Users\Administrator II\Downloads\tweaking.com_registry_backup_setup.exe
2014-01-20 13:02 - 2014-01-20 13:02 - 00347816 _____ (Microsoft Corporation) C:\Users\Administrator II\Downloads\MicrosoftFixit.malware.Run.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

Here is the Addition log

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014
Ran by Administrator II at 2014-02-18 16:30:48
Running from C:\Users\Administrator II\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

AC Wi-Fi Dual-Band USB Adapter (Version: 1.0.0.8 - Belkin)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
avast! Free Antivirus (Version: 9.0.2013 - Avast Software)
CameraHelperMsi (Version: 13.51.815.0 - Logitech) Hidden
CloudReading (Version: 1.1.47.1220 - Foxit Corporation)
Defraggler (Version: 2.15 - Piriform)
EMET 4.1 (Version: 4.1 - Microsoft Corporation)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Foxit Reader (Version: 6.1.2.1224 - Foxit Corporation)
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Drive (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HitmanPro 3.7 (Version: 3.7.9.212 - SurfRight B.V.)
HP Deskjet 1050 J410 series Basic Device Software (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (Version: 1.0.0.7702 - HP)
HP Update (Version: 5.003.003.001 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1912 - Intel Corporation)
Logitech Webcam Software (Version: 2.51 - Logitech Inc.)
LWS Facebook (Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
NTREGOPT 1.1j (Version:  - Lars Hederer)
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
PrivaZer (Version: 2.14.0.0 - Goversoft LLC)
Realtek High Definition Audio Driver (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group)
Sophos Anti-Rootkit 1.5.23 (Version: 1.5.23 - Sophos Plc)
Sophos Virus Removal Tool (Version: 2.4 - Sophos Limited)
Spybot - Search & Destroy (Version: 2.2.25 - Safer-Networking Ltd.)
SUPERAntiSpyware (Version: 5.6.1042 - SUPERAntiSpyware.com)
Toolwiz Time Freeze 2014 (Version: 2.2.0.3500 - Toolwiz)
Tweaking.com - Registry Backup (Version: 1.6.8 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Windows Deployment Tools (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (Version: 8.59.25584 - Microsoft)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2014-02-09 07:13 - 2014-02-14 00:19 - 00000741 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0DEA3531-EF01-4BF8-BB22-CEDF666E0783} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {2C4D6BD3-4DAF-461E-9C0A-2362D299E2C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-24] (Google Inc.)
Task: {3E5BD586-3533-48F0-8499-718591F915EE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-24] (AVAST Software)
Task: {77836F51-8574-4755-8875-7B4011684D84} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-09] (Adobe Systems Incorporated)
Task: {8A865E45-4FD8-4EB0-9C49-CFF358E23E5D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {A38B5AA6-9570-4B3E-BC3D-33342EA41BBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-24] (Google Inc.)
Task: {CA024E78-9B3C-457B-9013-873CD485E5F8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {F379A3FC-1541-4DD7-98EC-734B2E845402} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2af3ec14d437.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe

==================== Loaded Modules (whitelisted) =============

2013-11-20 23:11 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-11-20 23:11 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-14 21:35 - 2014-01-14 21:35 - 02159159 _____ () C:\Program Files\PrivaZer\PrivaMenu3.dll
2013-10-15 20:48 - 2013-10-15 20:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-25 09:57 - 2012-09-26 10:54 - 00278528 _____ () C:\Program Files\Belkin\F9L1109\v1\WifiSvcLib.dll
2013-11-21 10:14 - 2013-11-21 10:14 - 00080528 _____ () C:\Program Files\EMET 4.1\EMET_CE.DLL

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\13905188.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\13905188.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: RunSwUSB => 2
MSCONFIG\startupfolder: C:^Users^Admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk.Startup
MSCONFIG\startupreg: EDFAE84CC54EBD3E315F531AD785D999B5289078._service_run => "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2014 02:30:45 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042313).

Error: (02/18/2014 02:30:40 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume \\?\Volume{b32c9aac-c041-11e2-9f95-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x80042313, The shadow copy provider timed out while flushing data to the volume being shadow copied. This is probably due to excessive activity on the volume. Try again later when the volume is not being used so heavily.
], Release[0x00000000, The operation completed successfully.
], OnRun[0x00000000, The operation completed successfully.
].

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/18/2014 02:30:16 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume \\?\Volume{b32c9aac-c041-11e2-9f95-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x80042313, The shadow copy provider timed out while flushing data to the volume being shadow copied. This is probably due to excessive activity on the volume. Try again later when the volume is not being used so heavily.
], Release[0x00000000, The operation completed successfully.
], OnRun[0x00000000, The operation completed successfully.
].

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/18/2014 02:29:52 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume \\?\Volume{b32c9aac-c041-11e2-9f95-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x80042313, The shadow copy provider timed out while flushing data to the volume being shadow copied. This is probably due to excessive activity on the volume. Try again later when the volume is not being used so heavily.
], Release[0x00000000, The operation completed successfully.
], OnRun[0x00000000, The operation completed successfully.
].

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/18/2014 02:29:28 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume \\?\Volume{b32c9aac-c041-11e2-9f95-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x80042313, The shadow copy provider timed out while flushing data to the volume being shadow copied. This is probably due to excessive activity on the volume. Try again later when the volume is not being used so heavily.
], Release[0x00000000, The operation completed successfully.
], OnRun[0x00000000, The operation completed successfully.
].

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/18/2014 02:29:04 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume \\?\Volume{b32c9aac-c041-11e2-9f95-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x80042313, The shadow copy provider timed out while flushing data to the volume being shadow copied. This is probably due to excessive activity on the volume. Try again later when the volume is not being used so heavily.
], Release[0x00000000, The operation completed successfully.
], OnRun[0x00000000, The operation completed successfully.
].

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/18/2014 00:02:05 AM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80042313).

Error: (02/18/2014 00:02:05 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042313).

Error: (02/18/2014 00:02:00 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume \\?\Volume{b32c9aac-c041-11e2-9f95-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x80042313, The shadow copy provider timed out while flushing data to the volume being shadow copied. This is probably due to excessive activity on the volume. Try again later when the volume is not being used so heavily.
], Release[0x00000000, The operation completed successfully.
], OnRun[0x00000000, The operation completed successfully.
].

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/18/2014 00:01:36 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The I/O writes cannot be flushed during the shadow copy creation period on volume \\?\Volume{b32c9aac-c041-11e2-9f95-806e6f6e6963}\.
The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
], Flush[0x80042313, The shadow copy provider timed out while flushing data to the volume being shadow copied. This is probably due to excessive activity on the volume. Try again later when the volume is not being used so heavily.
], Release[0x00000000, The operation completed successfully.
], OnRun[0x00000000, The operation completed successfully.
].

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

System errors:
=============
Error: (02/18/2014 04:29:55 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the LanmanServer service which failed to start because of the following error:
%%1062

Error: (02/18/2014 04:29:55 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the LanmanServer service which failed to start because of the following error:
%%193

Error: (02/18/2014 04:29:55 PM) (Source: Service Control Manager) (User: )
Description: The LanmanServer service terminated with the following error:
%%193

Error: (02/18/2014 04:29:55 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the LanmanServer service which failed to start because of the following error:
%%193

Error: (02/18/2014 04:29:55 PM) (Source: Service Control Manager) (User: )
Description: The LanmanServer service terminated with the following error:
%%193

Error: (02/18/2014 04:29:43 PM) (Source: Service Control Manager) (User: )
Description: The LanmanServer service terminated with the following error:
%%193

Error: (02/18/2014 04:29:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the LanmanServer service which failed to start because of the following error:
%%193

Error: (02/18/2014 04:29:43 PM) (Source: Service Control Manager) (User: )
Description: The LanmanServer service terminated with the following error:
%%193

Error: (02/18/2014 04:29:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the LanmanServer service which failed to start because of the following error:
%%193

Error: (02/18/2014 04:29:43 PM) (Source: Service Control Manager) (User: )
Description: The LanmanServer service terminated with the following error:
%%193

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 3574.46 MB
Available physical RAM: 1566.84 MB
Total Pagefile: 7147.22 MB
Available Pagefile: 5060.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.51 GB) (Free:699.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (WDO_MEDIA32) (Removable) (Total:14.61 GB) (Free:13.82 GB) FAT32
Drive f: (SONY_8GM) (Removable) (Total:7.26 GB) (Free:0.76 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 49D28CF8)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

==================== End Of Log ============================

Michael


#6 icub4ucme

Posted 18 February 2014 - 07:10 PM

Gary I did not see the button you were referring to in your instructions (In the upper right hand corner of the topic you will see the  button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.)  So I hope that by hitting the add button you will be notified.

Michael



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,978 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:25 PM

Posted 18 February 2014 - 09:08 PM

Hi Michael, nice to meet you.

Yes I am getting the notification. Thanks for your consideration.

We don't need to worry about accessing the internet at this point. If that changes I will certainly let you know.

Please consider and do these things for me.

===================================================

Spybot S&D No Longer Recommended

--------------------

MVPS.org is no longer recommending Spybot S&D due to poor testing results. (scroll down on the web site and read under Freeware Antispyware Products)

I strongly recommend uninstalling Spybot Search & Destroy. The presence of this program can make cleaning your computer more difficult.

If you choose to uninstall please go to Start, Control Panel, Add/Remove Programs (or Programs and Features) and uninstall the program.

===================================================

Run TDSSKiller by Kaspersky on Vista/7

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".


===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 icub4ucme


Posted 19 February 2014 - 12:11 AM

1)  I generally use Revo  uninstaller when removing programs.  It seems to be a bit better than what comes as standard issue from Microsoft but I defer to your better judgment and I won't be running it again.

2)  The TDSSKiller did not find anything.

3)  I couldn't get the aswMBR.dat file to open so I could copy and paste as per your instructions nor did I try to change the file extension to something that would open it so I attached it to this reply.  Hope that was ok.

4)  Note:  when I ran the aswMBR it was defaulted to a quick scan so I changed that to scan my C drive.  If I need to rerun it let me know and I will, stat.

5)  The aswMBR.txt file stated not to post this log unless instructed so I am posting it below and attaching the dat file.

6)  When I tried to attach the dat file to this post I received an error saying "You aren't permitted to upload this kind of file", so I will await your instructions on what procedure I should take to get that file to you.

Thanks again for your time Gary

M

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
AC Wi-Fi Dual-Band USB Adapter
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
avast! Free Antivirus
CameraHelperMsi
CloudReading
Defraggler
EMET 4.1
erLT
Foxit Reader
Google Chrome
Google Drive
Google Update Helper
HitmanPro 3.7
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Photo Creations
HP Update
Intel® Graphics Media Accelerator Driver
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
NTREGOPT 1.1j
Paint.NET v3.5.11
PrivaZer
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition
Sophos Anti-Rootkit 1.5.23
Sophos Virus Removal Tool
Spybot - Search & Destroy
SUPERAntiSpyware
Toolwiz Time Freeze 2014
Tweaking.com - Registry Backup
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Deployment Tools
Windows PE x86 x64
Windows PE x86 x64 wims
.
==== End Of File ===========================
 



#9 Oh My!


Posted 19 February 2014 - 09:35 AM

Hi Michael,

Revo is fine to use.

Please post the TDSSKiller log anyway.

I think there is some confusion regarding aswMBR. We do not want to do anything with the MBR.dat file. We simply want to leave it on your desktop.

Did you do this?

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


You posted a DDS log. What I would like to see is the contents of the above log.
Gary
 

#10 icub4ucme


Posted 19 February 2014 - 11:16 AM

Gary, I did save the aswMBR.dat log to my desktop, thank you for clearing that up.  I just tried to run the TDSSKiller again and this time it said there was an update from the current version 2.8.16.0 to 3.0.0.23 and when I tried to update it I got the error "unable to find local data files please reinstall".  This is the same error that I started receiving after I did the system restore that made it possible to see my desktop.  So I was unable to do the update so I continued without it but this time I noticed there was a link to change the parameters.  I checked this out because the program ran for only 50 minutes the last time I ran it and that didn't seem very long.  It found 0 threats and scanned 405 objects.  Anyway the parameters that are unchecked under the "objects to scan" are loaded modules and under additional options there are two options unchecked 1) verify file digital signatures and 2) detect TDLFS file system.  I was going to check all of them before I re-scan but thought I'd check with you first to see what you suggested.

M



#11 Oh My!


Posted 19 February 2014 - 11:34 AM

Hi Michael,

Delete the existing TDSSKiller file then download it again. Don't check Loaded Modules but do check verify digital signatures and TDLFS file system.

Please rerun aswMBR. When completed click the Save Log button then copy and paste the information in your reply.

Gary
 

#12 icub4ucme


Posted 19 February 2014 - 03:02 PM

Gary, there seems to be a problem. I may have caused it. I ran the TDSSKiller but instead of skipping the 9 threats it found I quarantined them. I copied the report that was in the program itself and then found the file in the root directory, but it was listed there as quarantined and the files that were there, 9 of them, included. In that folder was another that read susp0000 and a subfolder under that, svc0000, and in that folder there were three files: tsk0000.dta, object.ini, tsk0000.ini. This was exactly the same for all 9 threats found. I didn't try to copy all those files since I copied the report, and I can still copy them if you want me to open them.

I then ran the aswMBR program and it would initialize then download the update, and when I tried to scan it wouldn't run, saying "Avast rootkit has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if there is a solution to the problem." I tried running it both with and without the real time protection on and that didn't work. I deleted the program from my desktop and downloaded it again, but this time I changed the name but not the exe extension, ran it and got the same error. It occurred to me at that point that by quarantining the threats that the TDSSKiller found I may have quarantined a file that it needed to run. So I re-ran the TDSSKiller again and it found the same threats I had quarantined previously, only this time I skipped taking any action like you originally had suggested, then ran the aswMBR one more time with the same results... it stopped working again.

I am posting the log that was in the program under reports, and if you want the quarantined logs from the root directory let me know and I'll get them right away.

If I did anything wrong by running them incorrectly I apologize and have no one to blame but myself. I'll do my best to be more diligent in my efforts going forward. I just borrowed a laptop from a friend so I can see your instructions from my email, since my printer is down because of this infection.

Thanks for all your help and I appreciate your patience with me in trying to resolve this mess. I am available when you need me now. I took the rest of today and tomorrow off to work on this with you.

I tried to post the log here but got an error saying the post was too long and to shorten it. I wasn't sure what part to delete so I didn't post the TDSSKiller log, just the above comments. I thought about attaching it but wanted to wait on your instructions first.

Please advise how to proceed.


#13 Oh My!


Posted 19 February 2014 - 03:12 PM

Hi Michael,

I think we are OK, no worries just yet. Please zip the file and attempt to attach it. If that won't work I have another alternative.
Gary
 

#14 icub4ucme


Posted 19 February 2014 - 04:03 PM

Gary I will try to attach the TDSSKiller report as a zip file. Looks like it will send so here ya go...thanks!

 

 




#15 Oh My!


Posted 19 February 2014 - 05:36 PM

12:14:27.0169 16036 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:14:30.0353 16036 ============================================================
12:14:30.0353 16036 Current date / time: 2014/02/19 12:14:30.0353
12:14:30.0353 16036 SystemInfo:
12:14:30.0353 16036
12:14:30.0353 16036 OS Version: 6.1.7601 ServicePack: 1.0
12:14:30.0353 16036 Product type: Workstation
12:14:30.0353 16036 ComputerName: MLSADMIN-PC
12:14:30.0353 16036 UserName: Administrator II
12:14:30.0353 16036 Windows directory: C:\Windows
12:14:30.0353 16036 System windows directory: C:\Windows
12:14:30.0354 16036 Processor architecture: Intel x86
12:14:30.0354 16036 Number of processors: 2
12:14:30.0354 16036 Page size: 0x1000
12:14:30.0354 16036 Boot type: Normal boot
12:14:30.0354 16036 ============================================================
12:14:31.0060 16036 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:14:31.0076 16036 ============================================================
12:14:31.0076 16036 \Device\Harddisk0\DR0:
12:14:31.0076 16036 MBR partitions:
12:14:31.0076 16036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74706D71
12:14:31.0076 16036 ============================================================
12:14:31.0098 16036 C: <-> \Device\Harddisk0\DR0\Partition1
12:14:31.0099 16036 ============================================================
12:14:31.0099 16036 Initialize success
12:14:31.0099 16036 ============================================================
12:15:35.0028 8140 ============================================================
12:15:35.0028 8140 Scan started
12:15:35.0028 8140 Mode: Manual; SigCheck; TDLFS;
12:15:35.0028 8140 ============================================================
12:15:35.0356 8140 ================ Scan system memory ========================
12:15:35.0356 8140 System memory - ok
12:15:35.0357 8140 ================ Scan services =============================
Gary
 